[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87888

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2017-6001Date: (C)2017-02-21   (M)2018-09-04


Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.0CVSS Score : 7.6
Exploit Score: 1.0Exploit Score: 4.9
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: HIGH
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
BID-96264
DSA-3791
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017:2669
http://www.openwall.com/lists/oss-security/2017/02/16/1
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7
https://bugzilla.redhat.com/show_bug.cgi?id=1422825
https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290
https://source.android.com/security/bulletin/pixel/2017-11-01

CPE    1
cpe:/o:linux:linux_kernel:4.9.6
CWE    1
CWE-362
OVAL    13
oval:org.secpod.oval:def:703645
oval:org.secpod.oval:def:703649
oval:org.secpod.oval:def:1501822
oval:org.secpod.oval:def:1501820
...

© SecPod Technologies