First published: Tue Oct 03 2017
A flaw was found in the Linux kernel's handling of signal frame processing: any user process can craft a signal frame and then perform a sigreturn so that the kernel takes an exception (interrupt) and uses the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the contents of the signal frame are written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has already been overwritten. This flaw only affects PowerPC systems running on Power8 or later processors.

References: http://seclists.org/oss-sec/2017/q4/51

This issue was introduced by commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d176f751ee3

An upstream fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=265e60a170d0a0ecfc2d20490134ed2c48dd45ab
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
Linux: Linux kernel | |
IBM: PowerPC Power8 | |
IBM: PowerPC Power9 | |
All of: Linux: Linux kernel, with any of: IBM: PowerPC Power8, IBM: PowerPC Power9 | |
debian/linux | 5.10.223-1, 5.10.226-1, 6.1.115-1, 6.1.119-1, 6.11.10-1, 6.12.5-1 |
CVE-2017-1000255 is a vulnerability in the Linux kernel running on PowerPC hardware that allows a user process to craft a signal frame and exploit it for privilege escalation.
CVE-2017-1000255 is a medium severity vulnerability with a severity rating of 4.
To fix CVE-2017-1000255, update your Linux kernel to version 4.13.0-17.20 or later.
More information about CVE-2017-1000255 is available in the following security advisory: http://seclists.org/oss-sec/2017/q4/51
The source code patches for CVE-2017-1000255 are in the following Git commits: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d176f751ee3, https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=265e60a170d0a0ecfc2d20490134ed2c48dd45ab
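As an added triage example (not code from the advisory, the kernel project or any distribution): a POSIX shell helper that classifies a host as in or out of scope for this flaw from its `uname -m` value and its /proc/cpuinfo text, using constructed sample cpuinfo excerpts, and reports the panic_on_oops setting the advisory mentions. The function names and sample data are assumptions of this example; it checks the hardware scope only and deliberately does not compare kernel version strings.

```shell
#!/bin/sh
# Added triage helper for CVE-2017-1000255 (not part of the advisory).
# Decides whether a host is in scope (PowerPC, POWER8 or later) from the
# uname machine string and /proc/cpuinfo text, and reports
# kernel.panic_on_oops, which only limits damage after the overwrite.

# Return 0 when the machine string names a 64-bit PowerPC system.
is_powerpc() {
    case "$1" in
        ppc64|ppc64le) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when the cpuinfo text ($1, passed in so the check runs offline)
# has a "cpu : POWERn" line with n >= 8; POWER7 and earlier are out of scope.
is_power8_or_later() {
    gen=$(printf '%s\n' "$1" \
        | sed -n 's/^cpu[[:space:]]*:[[:space:]]*POWER\([0-9][0-9]*\).*/\1/p' \
        | head -n 1)
    [ -n "$gen" ] && [ "$gen" -ge 8 ]
}

# Print "in-scope" when both checks pass, otherwise "out-of-scope".
scope_for() {
    if is_powerpc "$1" && is_power8_or_later "$2"; then
        echo in-scope
    else
        echo out-of-scope
    fi
}

# Constructed sample cpuinfo excerpts (not captured from a real host).
SAMPLE_POWER8='processor : 0
cpu       : POWER8E (raw), altivec supported
clock     : 3425.000000MHz'
SAMPLE_POWER7='processor : 0
cpu       : POWER7 (architected), altivec supported'

# Live report for the host this script runs on. A kernel version
# comparison is left out because distributions backport the fix under
# their own version strings; check the distribution's advisory instead.
if [ -r /proc/cpuinfo ]; then
    echo "host: $(scope_for "$(uname -m)" "$(cat /proc/cpuinfo)")"
    echo "kernel.panic_on_oops=$(cat /proc/sys/kernel/panic_on_oops 2>/dev/null || echo unknown)"
fi
```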