CVE-2017-2618

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618	Issue Tracking Patch Third Party Advisory
https://marc.info/?l=selinux&m=148588165923772&w=2	Patch Third Party Advisory
https://www.debian.org/security/2017/dsa-3791	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0933	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0932	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0931	Third Party Advisory
http://www.securityfocus.com/bid/96272	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

Information

Published : 2018-07-27 12:29

Updated : 2023-02-12 15:29

NVD link : CVE-2017-2618

Mitre link : CVE-2017-2618

JSON object : View

CWE

CWE-193

Off-by-one Error

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux
enterprise_linux_workstation
enterprise_linux_server_aus
enterprise_linux_server_eus
enterprise_linux_server

linux

linux_kernel

debian

debian_linux

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2017-2618

5.5^/10

4.9^/10

Attach tags to `CVE-2017-2618`