CVE-2017-1000253 Common Vulnerabilities and Exposures

Upstream information

CVE-2017-1000253 at MITRE

Description

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
	National Vulnerability Database	SUSE
Base Score	7.2	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C	AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Local	Local
Access Complexity	Low	Low
Authentication	None	None
Confidentiality Impact	Complete	Complete
Integrity Impact	Complete	Complete
Availability Impact	Complete	Complete

CVSS v3 Scores
	CNA (CISA-ADP)	National Vulnerability Database	SUSE
Base Score	7.8	7.8	8.4
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector	Local	Local	Local
Attack Complexity	Low	Low	Low
Privileges Required	Low	Low	None
User Interaction	None	None	None
Scope	Unchanged	Unchanged	Unchanged
Confidentiality Impact	High	High	High
Integrity Impact	High	High	High
Availability Impact	High	High	High
CVSSv3 Version	3.1	3.1	3

Note from the SUSE Security Team

SUSE Linux Enterprise Server 12 SP2 and SP3 are not affected, as the fix was added in Linux Kernel 4.1. SUSE Linux Enterprise Server 12 GA and SP1 have received this fix via the 3.12.43 stable kernel update.

Note from the SUSE Security Team on the kernel-default package

SUSE will no longer fix all CVEs in the Linux Kernel anymore, but declare some bug classes as won't fix. Please refer to TID 21496 for more details.

SUSE Bugzilla entries: 1059525 [RESOLVED / FIXED], 1061680 [RESOLVED / DUPLICATE], 1063607 [NEW], 1071943 [NEW], 1072204 [RESOLVED / FIXED], 1075506 [RESOLVED / NORESPONSE], 1115893 [NEW], 1149729 [RESOLVED / INVALID]

SUSE Security Advisories:

SUSE-SU-2017:2723-1, published Fri Oct 13 07:10:00 MDT 2017
SUSE-SU-2017:2725-1, published Sat Oct 14 13:09:19 MDT 2017
SUSE-SU-2017:3165-1, published Thu Nov 30 13:08:11 MST 2017

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4	`kernel-docs >= 3.0.101-108.13.2`	Patchnames: sdksp4-kernel-13312
SUSE Linux Enterprise Point of Sale 11 SP3	`kernel-default >= 3.0.101-0.47.106.8.1` `kernel-default-base >= 3.0.101-0.47.106.8.1` `kernel-default-devel >= 3.0.101-0.47.106.8.1` `kernel-ec2 >= 3.0.101-0.47.106.8.1` `kernel-ec2-base >= 3.0.101-0.47.106.8.1` `kernel-ec2-devel >= 3.0.101-0.47.106.8.1` `kernel-pae >= 3.0.101-0.47.106.8.1` `kernel-pae-base >= 3.0.101-0.47.106.8.1` `kernel-pae-devel >= 3.0.101-0.47.106.8.1` `kernel-source >= 3.0.101-0.47.106.8.1` `kernel-syms >= 3.0.101-0.47.106.8.1` `kernel-trace >= 3.0.101-0.47.106.8.1` `kernel-trace-base >= 3.0.101-0.47.106.8.1` `kernel-trace-devel >= 3.0.101-0.47.106.8.1` `kernel-xen >= 3.0.101-0.47.106.8.1` `kernel-xen-base >= 3.0.101-0.47.106.8.1` `kernel-xen-devel >= 3.0.101-0.47.106.8.1`	Patchnames: sleposp3-kernel-13314
SUSE Linux Enterprise Real Time 11 SP4	`kernel-rt >= 3.0.101.rt130-69.11.1` `kernel-rt-base >= 3.0.101.rt130-69.11.1` `kernel-rt-devel >= 3.0.101.rt130-69.11.1` `kernel-rt_trace >= 3.0.101.rt130-69.11.1` `kernel-rt_trace-base >= 3.0.101.rt130-69.11.1` `kernel-rt_trace-devel >= 3.0.101.rt130-69.11.1` `kernel-source-rt >= 3.0.101.rt130-69.11.1` `kernel-syms-rt >= 3.0.101.rt130-69.11.1`	Patchnames: slertesp4-kernel-rt-201711-13355
SUSE Linux Enterprise Server 11 SP3-LTSS	`kernel-bigsmp >= 3.0.101-0.47.106.8.1` `kernel-bigsmp-base >= 3.0.101-0.47.106.8.1` `kernel-bigsmp-devel >= 3.0.101-0.47.106.8.1` `kernel-default >= 3.0.101-0.47.106.8.1` `kernel-default-base >= 3.0.101-0.47.106.8.1` `kernel-default-devel >= 3.0.101-0.47.106.8.1` `kernel-default-man >= 3.0.101-0.47.106.8.1` `kernel-ec2 >= 3.0.101-0.47.106.8.1` `kernel-ec2-base >= 3.0.101-0.47.106.8.1` `kernel-ec2-devel >= 3.0.101-0.47.106.8.1` `kernel-pae >= 3.0.101-0.47.106.8.1` `kernel-pae-base >= 3.0.101-0.47.106.8.1` `kernel-pae-devel >= 3.0.101-0.47.106.8.1` `kernel-source >= 3.0.101-0.47.106.8.1` `kernel-syms >= 3.0.101-0.47.106.8.1` `kernel-trace >= 3.0.101-0.47.106.8.1` `kernel-trace-base >= 3.0.101-0.47.106.8.1` `kernel-trace-devel >= 3.0.101-0.47.106.8.1` `kernel-xen >= 3.0.101-0.47.106.8.1` `kernel-xen-base >= 3.0.101-0.47.106.8.1` `kernel-xen-devel >= 3.0.101-0.47.106.8.1`	Patchnames: slessp3-kernel-13314
SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4	`kernel-bigmem >= 3.0.101-108.13.1` `kernel-bigmem-base >= 3.0.101-108.13.1` `kernel-bigmem-devel >= 3.0.101-108.13.1` `kernel-default >= 3.0.101-108.13.1` `kernel-default-base >= 3.0.101-108.13.1` `kernel-default-devel >= 3.0.101-108.13.1` `kernel-default-man >= 3.0.101-108.13.1` `kernel-docs >= 3.0.101-108.13.2` `kernel-ec2 >= 3.0.101-108.13.1` `kernel-ec2-base >= 3.0.101-108.13.1` `kernel-ec2-devel >= 3.0.101-108.13.1` `kernel-pae >= 3.0.101-108.13.1` `kernel-pae-base >= 3.0.101-108.13.1` `kernel-pae-devel >= 3.0.101-108.13.1` `kernel-ppc64 >= 3.0.101-108.13.1` `kernel-ppc64-base >= 3.0.101-108.13.1` `kernel-ppc64-devel >= 3.0.101-108.13.1` `kernel-source >= 3.0.101-108.13.1` `kernel-syms >= 3.0.101-108.13.1` `kernel-trace >= 3.0.101-108.13.1` `kernel-trace-base >= 3.0.101-108.13.1` `kernel-trace-devel >= 3.0.101-108.13.1` `kernel-xen >= 3.0.101-108.13.1` `kernel-xen-base >= 3.0.101-108.13.1` `kernel-xen-devel >= 3.0.101-108.13.1`	Patchnames: sdksp4-kernel-13312 slessp4-kernel-13312

Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification. The updates are grouped by state of their lifecycle. SUSE product lifecycles are documented on the lifecycle page.

Product(s)	Source package	State
Products under Long Term Service Pack support and receiving important and critical security fixes.
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE	kernel-source	Affected
Products past their end of life and not receiving proactive updates anymore.
HPE Helion OpenStack 8	kernel-source	Not affected
SUSE CaaS Platform Toolchain 3	kernel-source	Not affected
SUSE Linux Enterprise Desktop 11 SP3	kernel-source	Affected
SUSE Linux Enterprise Desktop 11 SP4	kernel-docs	Released
SUSE Linux Enterprise Desktop 11 SP4	kernel-source	Affected
SUSE Linux Enterprise Desktop 12	kernel-source	Already fixed
SUSE Linux Enterprise Desktop 12 SP1	kernel-source	Already fixed
SUSE Linux Enterprise Desktop 12 SP2	kernel-default	Unsupported
SUSE Linux Enterprise Desktop 12 SP2	kernel-source	Unsupported
SUSE Linux Enterprise Desktop 12 SP3	kernel-default	Not affected
SUSE Linux Enterprise Desktop 12 SP3	kernel-source	Not affected
SUSE Linux Enterprise Point of Sale 11 SP3	kernel-default	Released
SUSE Linux Enterprise Point of Sale 11 SP3	kernel-ec2	Released
SUSE Linux Enterprise Point of Sale 11 SP3	kernel-pae	Released
SUSE Linux Enterprise Point of Sale 11 SP3	kernel-source	Released
SUSE Linux Enterprise Point of Sale 11 SP3	kernel-syms	Released
SUSE Linux Enterprise Point of Sale 11 SP3	kernel-trace	Released
SUSE Linux Enterprise Point of Sale 11 SP3	kernel-xen	Released
SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT	kernel-source	Already fixed
SUSE Linux Enterprise Point of Service 11 SP3	kernel-default	Unsupported
SUSE Linux Enterprise Point of Service 11 SP3	kernel-source	Unsupported
SUSE Linux Enterprise Real Time 11 SP4	kernel-rt	Released
SUSE Linux Enterprise Real Time 11 SP4	kernel-rt_trace	Released
SUSE Linux Enterprise Real Time 11 SP4	kernel-source-rt	Released
SUSE Linux Enterprise Real Time 11 SP4	kernel-syms-rt	Released
SUSE Linux Enterprise Server 11 SP3	kernel-source	Affected
SUSE Linux Enterprise Server 11 SP3 LTSS	kernel-default	Released
SUSE Linux Enterprise Server 11 SP3 LTSS	kernel-source	Released
SUSE Linux Enterprise Server 11 SP3-LTSS	kernel-bigsmp	Released
SUSE Linux Enterprise Server 11 SP3-LTSS	kernel-default	Released
SUSE Linux Enterprise Server 11 SP3-LTSS	kernel-ec2	Released
SUSE Linux Enterprise Server 11 SP3-LTSS	kernel-pae	Released
SUSE Linux Enterprise Server 11 SP3-LTSS	kernel-source	Released
SUSE Linux Enterprise Server 11 SP3-LTSS	kernel-syms	Released
SUSE Linux Enterprise Server 11 SP3-LTSS	kernel-trace	Released
SUSE Linux Enterprise Server 11 SP3-LTSS	kernel-xen	Released
SUSE Linux Enterprise Server 11 SP4	kernel-bigmem	Released
SUSE Linux Enterprise Server 11 SP4	kernel-default	Released
SUSE Linux Enterprise Server 11 SP4	kernel-docs	Released
SUSE Linux Enterprise Server 11 SP4	kernel-ec2	Released
SUSE Linux Enterprise Server 11 SP4	kernel-pae	Released
SUSE Linux Enterprise Server 11 SP4	kernel-ppc64	Released
SUSE Linux Enterprise Server 11 SP4	kernel-source	Released
SUSE Linux Enterprise Server 11 SP4	kernel-syms	Released
SUSE Linux Enterprise Server 11 SP4	kernel-trace	Released
SUSE Linux Enterprise Server 11 SP4	kernel-xen	Released
SUSE Linux Enterprise Server 11 SP4 LTSS	kernel-default	Affected
SUSE Linux Enterprise Server 11 SP4 LTSS	kernel-source	Affected
SUSE Linux Enterprise Server 11 SP4-LTSS	kernel-default	Released
SUSE Linux Enterprise Server 11 SP4-LTSS	kernel-source	Released
SUSE Linux Enterprise Server 12	kernel-source	Already fixed
SUSE Linux Enterprise Server 12 SP1	kernel-source	Already fixed
SUSE Linux Enterprise Server 12 SP1-LTSS	kernel-default	Already fixed
SUSE Linux Enterprise Server 12 SP1-LTSS	kernel-source	Already fixed
SUSE Linux Enterprise Server 12 SP2	kernel-default	Not affected
SUSE Linux Enterprise Server 12 SP2	kernel-source	Not affected
SUSE Linux Enterprise Server 12 SP2-BCL	kernel-source	Already fixed
SUSE Linux Enterprise Server 12 SP2-ESPOS	kernel-source	Already fixed
SUSE Linux Enterprise Server 12 SP2-LTSS	kernel-source	Already fixed
SUSE Linux Enterprise Server 12 SP3	kernel-default	Not affected
SUSE Linux Enterprise Server 12 SP3	kernel-source	Not affected
SUSE Linux Enterprise Server 12 SP3-BCL	kernel-source	Not affected
SUSE Linux Enterprise Server 12 SP3-ESPOS	kernel-source	Not affected
SUSE Linux Enterprise Server 12 SP3-LTSS	kernel-source	Not affected
SUSE Linux Enterprise Server 12-LTSS	kernel-default	Already fixed
SUSE Linux Enterprise Server 12-LTSS	kernel-source	Already fixed
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2	kernel-source	Already fixed
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-bigmem	Released
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-default	Released
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-docs	Released
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-ec2	Released
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-pae	Released
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-ppc64	Released
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-source	Released
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-syms	Released
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-trace	Released
SUSE Linux Enterprise Server for SAP Applications 11 SP4	kernel-xen	Released
SUSE Linux Enterprise Server for SAP Applications 12 SP1	kernel-source	Already fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP2	kernel-source	Already fixed
SUSE Linux Enterprise Server for SAP Applications 12 SP3	kernel-source	Not affected
SUSE Linux Enterprise Software Development Kit 11 SP4	kernel-docs	Released
SUSE OpenStack Cloud 7	kernel-source	Already fixed
SUSE OpenStack Cloud 8	kernel-source	Not affected
SUSE OpenStack Cloud Crowbar 8	kernel-source	Not affected

SUSE Timeline for this CVE

CVE page created: Wed Sep 20 13:30:33 2017
CVE page last modified: Fri Sep 20 18:24:31 2024