{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-19T00:00:00", "descriptions": [{"lang": "en", "value": "The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-05T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "99149", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99149"}, {"tags": ["x_refsource_MISC"], "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}, {"name": "DSA-3981", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3981"}, {"name": "42273", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42273/"}, {"name": "42274", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42274/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/security/cve/CVE-2017-1000370"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-1000370", "REQUESTER": "qsa@qualys.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "99149", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99149"}, {"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource": "MISC", "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}, {"name": "DSA-3981", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3981"}, {"name": "42273", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42273/"}, {"name": "42274", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42274/"}, {"name": "https://access.redhat.com/security/cve/CVE-2017-1000370", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/cve/CVE-2017-1000370"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:00:39.962Z"}, "title": "CVE Program Container", "references": [{"name": "99149", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99149"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}, {"name": "DSA-3981", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3981"}, {"name": "42273", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42273/"}, {"name": "42274", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42274/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2017-1000370"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000370", "datePublished": "2017-06-19T16:00:00", "dateReserved": "2017-06-19T00:00:00", "dateUpdated": "2024-08-05T22:00:39.962Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3178B0F5-19A9-43EA-A499-00A81BAC83E5", "versionEndExcluding": "4.1.43", "versionStartIncluding": "4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53D588E8-41E9-45DB-A106-D0D6FAFBEAEA", "versionEndExcluding": "4.4.78", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "894EA787-0B3C-4729-9CE9-4CA86309E37A", "versionEndExcluding": "4.9.39", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6070460C-3FAE-457B-9A3E-5ADF3AA3CC1D", "versionEndExcluding": "4.11.12", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D1EC748-85AE-40F3-A67C-3F634135A2F6", "versionEndExcluding": "4.12.3", "versionStartIncluding": "4.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems."}, {"lang": "es", "value": "El parche offset2lib tal como es usado por el Kernel de Linux contiene una vulnerabilidad que permite que un binario PIE sea execve()'ed con 1 GB de argumentos o cadenas de entorno, entonces la pila ocupa la direcci\u00f3n 0x80000000 y el binario PIE se asigna por encima de 0x40000000 haciendo null la protecci\u00f3n del parche offset2lib. Esto afecta al Kernel de Linux versi\u00f3n 4.11.5 y anteriores. Este es un problema diferente al CVE-2017-1000371. Este problema parece estar limitado a los sistemas basados en i386."}], "id": "CVE-2017-1000370", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-19T16:29:00.390", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3981"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99149"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://access.redhat.com/security/cve/CVE-2017-1000370"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42273/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42274/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3981"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://access.redhat.com/security/cve/CVE-2017-1000370"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42273/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42274/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Qualys Inc for reporting this issue.", "bugzilla": {"description": "kernel: offset2lib patch protection bypass", "id": "1462153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462153"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.9", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems."], "name": "CVE-2017-1000370", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-1000370\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000370\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 7 and MRG-2 as the i686 architecture is not supported by\nthis kernel.\nThis issue affects the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5 and 6. At this time there is no plan to release an\nupdate to fix this issue.", "threat_severity": "Low"}