CVE-2017-1000370

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.06 % (28^th)

Affected Products 1

Advisories 2

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.

Weaknesses

CWE-NVD-noinfo

Related CVEs

CVE-2017-1000371

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2017-06-19 16:29:00
(7 years ago)
Updated Date: 2023-01-17 21:03:46
(20 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.1 version and prior 4.1.43 version	cpe:2.3:o:linux:linux_kernel	>= 4.1	< 4.1.43
Linux Kernel from 4.2 version and prior 4.4.78 version	cpe:2.3:o:linux:linux_kernel	>= 4.2	< 4.4.78
Linux Kernel from 4.5 version and prior 4.9.39 version	cpe:2.3:o:linux:linux_kernel	>= 4.5	< 4.9.39
Linux Kernel from 4.10 version and prior 4.11.12 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.11.12
Linux Kernel from 4.12 version and prior 4.12.3 version	cpe:2.3:o:linux:linux_kernel	>= 4.12	< 4.12.3