CVE-2017-2618

Published: 16 Feb 2017
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

Report

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 due to a missing commit (bb646cdb12e75d82258c2f2e7746d5952d3e321a) which enabled changed system behavior. This issue does affect Red Hat Enterprise Linux 7 and MRG-2 kernels. Future Linux kernel updates for the respective releases may address this issue.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2017:0931 | 12.04.2017 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2017:0933 | 12.04.2017 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2017:0932 | 12.04.2017 |

Additional information

Status: Moderate
Defect: CWE-193
https://bugzilla.redhat.com/show_bug.cgi?id=1419916 kernel: Off-by-one error in selinux_setprocattr (/proc/self/attr/fscreate)

EPSS

Percentile: 16%
0.00052
Low

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 7 years ago

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

CVSS3: 5.5
nvd
almost 7 years ago

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

CVSS3: 5.5
debian
almost 7 years ago

A flaw was found in the Linux kernel's handling of clearing SELinux at ...

CVSS3: 5.5
github
about 3 years ago

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

oracle-oval
more than 7 years ago

ELSA-2017-3640: Unbreakable Enterprise kernel security update (IMPORTANT)
