CVE-2017-12146

Опубликовано: 25 мая 2017

Источник: redhat

CVSS3: 7

EPSS Низкий

Описание

The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.

It was found that the driver_override implementation in base/platform.c in the Linux kernel is susceptible to race condition when different threads are reading vs storing a different driver override.

Отчет

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2 as the code with the flaw is not present in the products listed.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Fixed	RHEA-2017:3163	09.11.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-362

https://bugzilla.redhat.com/show_bug.cgi?id=1489078kernel: Race condition in driver_override implementation

EPSS

Процентиль: 19%

0.00059

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2017-12146

CVSS3: 7

ubuntu

почти 8 лет назад

CVE-2017-12146

CVSS3: 7

nvd

почти 8 лет назад

CVE-2017-12146

CVSS3: 7

debian

почти 8 лет назад

The driver_override implementation in drivers/base/platform.c in the L ...

GHSA-6h2m-2j87-hjv5

CVSS3: 7

github

около 3 лет назад

ELSA-2018-4084

oracle-oval

около 7 лет назад

ELSA-2018-4084: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 19%

0.00059

Низкий

7 High

CVSS3