CVE-2017-2618

CVSS v3.0 5.5 (Medium)

CVSS v2.0 4.9 (Medium)

EPSS 0.06 % (28^th)

Affected Products 8

Advisories 8

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

Weaknesses

CWE-193: Off-by-one Error
CWE-682: Incorrect Calculation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2018-07-27 19:29:00
(6 years ago)
Updated Date: 2023-02-12 23:29:07
(19 months ago)

Affected Products

Debian

Debian Linux

Linux

Linux Kernel

Redhat

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 4.9.10 version	cpe:2.3:o:linux:linux_kernel		< 4.9.10

Configuration #2

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Server Aus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
	Redhat Enterprise Linux Server Aus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
	Redhat Enterprise Linux Server Eus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
	Redhat Enterprise Linux Server Eus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
	Redhat Enterprise Linux Server Eus 7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0