TROYANOSYVIRUS
Voltar para CVEs

CVE-2017-6001

HIGH
7.0

Descricao

Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.

Detalhes CVE

Pontuacao CVSS v3.17.0
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado2/18/2017
Ultima modificacao4/20/2025
Fontenvd
Avistamentos honeypot0

Produtos afetados

linux:linux_kernel

Fraquezas (CWE)

CWE-362

Referencias

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290(cve@mitre.org)
http://www.debian.org/security/2017/dsa-3791(cve@mitre.org)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2017/02/16/1(cve@mitre.org)
http://www.securityfocus.com/bid/96264(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2017:1842(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2017:2077(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2017:2669(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:1854(cve@mitre.org)
https://bugzilla.redhat.com/show_bug.cgi?id=1422825(cve@mitre.org)
https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290(cve@mitre.org)
https://source.android.com/security/bulletin/pixel/2017-11-01(cve@mitre.org)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2017/dsa-3791(af854a3a-2127-422b-91ae-364da2661108)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2017/02/16/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/96264(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1842(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2077(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2669(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:1854(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1422825(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290(af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/pixel/2017-11-01(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.