CVE-2017-10661

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.

CVSS v3 7.0 HIGH
CVSS v2.0 7.6 HIGH

7.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6	Issue Tracking Patch Third Party Advisory
http://www.debian.org/security/2017/dsa-3981	Mailing List Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15	Release Notes Vendor Advisory
http://www.securityfocus.com/bid/100215	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3083	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4057	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4058	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0036	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1481136	Issue Tracking
https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6	Issue Tracking Patch Third Party Advisory
https://source.android.com/security/bulletin/2017-08-01	Patch Vendor Advisory
https://www.exploit-db.com/exploits/43345/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

History

14 Mar 2024, 19:59

Type	Values Removed	Values Added
First Time		Redhat enterprise Linux Aus Redhat enterprise Linux Debian Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Debian debian Linux Redhat enterprise Linux Server Eus Redhat
References	~~() http://www.debian.org/security/2017/dsa-3981 -~~	() http://www.debian.org/security/2017/dsa-3981 - Mailing List, Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:3083 -~~	() https://access.redhat.com/errata/RHSA-2018:3083 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:3096 -~~	() https://access.redhat.com/errata/RHSA-2018:3096 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2019:4057 -~~	() https://access.redhat.com/errata/RHSA-2019:4057 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2019:4058 -~~	() https://access.redhat.com/errata/RHSA-2019:4058 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2020:0036 -~~	() https://access.redhat.com/errata/RHSA-2020:0036 - Third Party Advisory
References	~~() https://www.exploit-db.com/exploits/43345/ -~~	() https://www.exploit-db.com/exploits/43345/ - Third Party Advisory, VDB Entry
CPE		cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_aus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

Information

Published : 2017-08-19 18:29

Updated : 2024-03-14 19:59

NVD link : CVE-2017-10661

Mitre link : CVE-2017-10661

CVE.ORG link : CVE-2017-10661

JSON object : View

Products Affected

redhat

enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
enterprise_linux_aus
enterprise_linux
enterprise_linux_server_eus

linux

linux_kernel

debian

debian_linux

CWE

CWE-416

Use After Free

7.0 /10