CVE-2017-1000253

Published: 26 September 2017

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015) are affected. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary, which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base, into the area that is supposed to be the "gap" between the stack and the binary.
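The address arithmetic behind that description, as an added model that is not kernel code and not part of the original advisory. It assumes an empty address space below mmap_base; the names pt_load, image_span and image_top and all sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE 0x1000ULL

/* One PT_LOAD program header, reduced to the fields the arithmetic needs. */
struct pt_load { uint64_t vaddr, memsz; };

static uint64_t page_down(uint64_t a) { return a & ~(PAGE - 1); }
static uint64_t page_up(uint64_t a)   { return (a + PAGE - 1) & ~(PAGE - 1); }

/* Bytes from the first segment's page start to the last segment's page end
 * (segments are assumed sorted by vaddr, as in a normal PIE). */
uint64_t image_span(const struct pt_load *s, size_t n)
{
    return page_up(s[n - 1].vaddr + s[n - 1].memsz) - page_down(s[0].vaddr);
}

/* Highest address the image occupies after loading.
 * Assumption: the address space below mmap_base is empty, so a top-down
 * allocation of `len` bytes ends exactly at mmap_base.
 * whole_image == 0: the first mapping is sized for the first segment only.
 * whole_image == 1: the first mapping reserves the span of all segments. */
uint64_t image_top(const struct pt_load *s, size_t n,
                   uint64_t mmap_base, int whole_image)
{
    uint64_t len = whole_image ? image_span(s, n) : image_span(s, 1);
    uint64_t first = mmap_base - len;                 /* top-down placement */
    uint64_t load_bias = first - page_down(s[0].vaddr);
    /* Later segments are placed at fixed offsets from the first one. */
    return load_bias + page_up(s[n - 1].vaddr + s[n - 1].memsz);
}

int main(void)
{
    /* Constructed sample: text at 0, data about 2 MiB higher. */
    const struct pt_load segs[] = { { 0x0, 0x1000 }, { 0x201000, 0x2000 } };
    const uint64_t base = 0x7f0000000000ULL;          /* constructed mmap_base */
    printf("first-segment sizing: top is %#llx above mmap_base\n",
           (unsigned long long)(image_top(segs, 2, base, 0) - base));
    printf("whole-image sizing:   top is %#llx above mmap_base\n",
           (unsigned long long)(image_top(segs, 2, base, 1) - base));
    return 0;
}
```

When only the first segment is accounted for, the rest of the image lands above mmap_base; reserving the span of the entire binary keeps it at or below mmap_base.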

Priority

High

CVSS 3 base score: 7.8

Status

| Package | Release | Status |
|---|---|---|
| linux | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (4.13.0-16.19) |
| linux-armadaxp | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-aws | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (4.15.0-1001.1) |
| linux-azure | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (4.15.0-1002.2) |
| linux-euclid | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-flo | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-gcp | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (4.15.0-1001.1) |
| linux-gke | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-goldfish | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-grouper | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-hwe | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable |
| linux-hwe-edge | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Released (4.18.0-8.9~18.04.1) |
| linux-kvm | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (4.15.0-1002.2) |
| linux-linaro-omap | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-linaro-shared | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-linaro-vexpress | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-lts-quantal | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-lts-raring | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-lts-saucy | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-lts-trusty | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-lts-utopic | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-lts-vivid | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-lts-wily | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-lts-xenial | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-maguro | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-mako | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-manta | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-oem | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (4.15.0-1002.3) |
| linux-qcm-msm | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |
| linux-raspi2 | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (4.13.0-1005.5) |
| linux-snapdragon | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable |
| linux-ti-omap4 | Upstream | Released (4.1~rc1) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Does not exist |

Patches (linux):
Introduced by cc503c1b43e002e3f1fed70f46d947e2bf349bb6
Fixed by a87938b2e246b81b4fb713edb371a9fa3c5c3c86

These packages are not directly supported by the Ubuntu Security Team: linux-armadaxp, linux-lts-quantal, linux-lts-saucy.

Notes

Author: sbeattie
Note:
fixed upstream in 4.1, so xenial and newer had it
went through stable, trusty had it in 3.13.0-56.93,
precise in 3.2.0-91.129, vivid in 3.19.0-19.19

References