NVD

Id
87233  
Name
CVE-2017-1000370  
Description
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-06-28  
Published
2017-06-19  
Modified Date
2017-06-27  
Seq
2017-1000370  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
68672 JVNDB-2017-004929 Linux Kernel で使用される offset2lib パッチにおける認可・権限・アクセス制御に関する脆弱性 Linux Kernel で使用される offset2lib パッチには、認可・権限・アクセス制御に関する脆弱性が存在します。 CVE-2017-1000370 0 CVE-2017-1000370 87233 7.2 7.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-004929.html 2017-06-19 2017-07-11 View