Systems Affected
Linux Kernel 3.6 (.0, .1)
Linux Kernel 3.7 (.0, .1, .2, .3, .4, .5, .6, .7, .8)
Linux Kernel 3.8 (.0, .1, .2, .3, .4, .5, .6, .7)
Linux Kernel 3.9 (Base, .1, .2, .3, .4, .5, .6)
Linux Kernel 3.10 (.0)
Red Hat Enterprise Linux Server - Extended Update Support 7.2 x86_64
Red Hat Enterprise Linux Server - AUS 7.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.2 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2 ppc64le
Red Hat Enterprise Linux Server - TUS 7.2 x86_64
Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.2 x86_64
CentOS 7 before 1708
All versions of CentOS 6
Threat Level
Overview
A vulnerability has been reported in the Linux kernel which could be exploited by a local attacker to gain elevated privileges on a targeted system.
Description
The vulnerability exists due to improper loading of Executable and Linkable Format (ELF) executables by the affected software. An unprivileged local attacker could exploit this vulnerability to cause memory corruption.
Successful exploitation of this vulnerability could allow an unprivileged local attacker with access to a SUID (or otherwise privileged) Position Independent Executable (PIE) binary to escalate their privileges on the targeted system.
Impact
Solution/ Workarounds
✻ Update to the latest version of Mozilla Firefox on Windows, Linux and Mac.
References
http://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2017-0147
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.