|
Systems Affected
Linus Kernel 3.6 (.0, .1)
Linus Kernel 3.7 (.0, .1, .2, .3, .4, .5, .6, .7, .8)
Linus Kernel 3.8 (.0, .1, .2, .3, .4, .5, .6, .7)
Linus Kernel 3.9 (Base, .1, .2, .3, .4, .5, .6)
Linus Kernel 3.10 (.0)
Red Hat Enterprise Linux Server - Extended Update Support 7.2 x86_64
Red Hat Enterprise Linux Server - AUS 7.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.2 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2 ppc64le
Red Hat Enterprise Linux Server - TUS 7.2 x86_64
Red Hat Enterprise Linux Server - 4 Year Extended Update Support 7.2 x86_64
CentOS 7 before 1708
All versions of CentOS 6
Threat Level
Overview
Vulnerability has been reported in Linux kernel which could be exploited by local attacker to gain elevated privileges on a targeted system.
Description
The vulnerability exists due to improper loading of Executable and Linkable Format (ELF) executables by the affected software. An unprivileged local attacker could exploit this vulnerability to cause a memory corruption.
Successful exploitation of this vulnerability could allow an unprivileged local attacker with access to SUID (or otherwise privileged) Position Independent Executable (PIE) binary could use this flaw to escalate their privileges on the targeted system.
Impact
Solution/ Workarounds
Apply appropriate patch as mentioned in below link:
https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86
References
http://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2017-0147
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|
