[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99536

 
 

909

 
 

80128

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-6001

Date: (C)2017-02-21   (M)2018-01-05 


Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.

CVSS Score: 7.6Access Vector: NETWORK
Exploit Score: 4.9Access Complexity: HIGH
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
BID-96264
DSA-3791
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017:2669
http://www.openwall.com/lists/oss-security/2017/02/16/1
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7
https://bugzilla.redhat.com/show_bug.cgi?id=1422825
https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290
https://source.android.com/security/bulletin/pixel/2017-11-01

CWE    1
CWE-362
OVAL    7
oval:org.secpod.oval:def:703645
oval:org.secpod.oval:def:703649
oval:org.secpod.oval:def:1501822
oval:org.secpod.oval:def:1501820
...

© 2013 SecPod Technologies