CVE-2017-1000364

Release Date:2017-06-19

Description


An issue was discovered in the size of the stack guard page on Linux,specifically a 4k stack guard page is not sufficiently large and can be jumped over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

See more information about CVE-2017-1000364 from MITRE CVE dictionary and NIST NVD


CVSS v2 metrics


NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score:6.2 Base Metrics:AV:L/AC:H/Au:N/C:C/I:C/A:C
Access Vector: Local network Confidentiality Impact: Complete
Access Impact: High Integrity Impact: Complete
Authentication: None required Availability Impact: Complete

Errata information


PlatformErrataRelease Date
Oracle Linux version 5 (kernel)ELSA-2017-1482-12017-06-30
Oracle Linux version 5 (ocfs2-2.6.18-419.0.0.0.2.el5)ELSA-2017-1482-12017-06-30
Oracle Linux version 5 (oracleasm-2.6.18-419.0.0.0.2.el5)ELSA-2017-1482-12017-06-30
Oracle Linux version 6 (dtrace-modules-4.1.12-94.3.7.el6uek)ELSA-2017-35872017-06-28
Oracle Linux version 6 (glibc)ELSA-2017-35832017-06-20
Oracle Linux version 6 (kernel)ELSA-2017-14862017-06-19
Oracle Linux version 6 (kernel-uek)ELSA-2017-35872017-06-28
Oracle Linux version 6 (kernel-uek)ELSA-2017-35922017-07-12
Oracle Linux version 7 (dtrace-modules-4.1.12-94.3.7.el7uek)ELSA-2017-35872017-06-28
Oracle Linux version 7 (glibc)ELSA-2017-35822017-06-20
Oracle Linux version 7 (kernel)ELSA-2017-14842017-06-19
Oracle Linux version 7 (kernel)ELSA-2017-1484-12017-06-20
Oracle Linux version 7 (kernel-uek)ELSA-2017-35872017-06-28
Oracle VM version 3.4 (kernel-uek)OVMSA-2017-01152017-06-28

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team