CVE-2017-1000405: Race Condition
First published: Wed Nov 22 2017(Updated: )
A flaw was found in the patches used to fix the 'dirtycow' vulnerability <a href="https://access.redhat.com/security/cve/CVE-2016-5195">CVE-2016-5195</a>). The touch_pmd() function can be accessed by get_user_pages(). In this case, the pmd will become dirty without going through the Copy On Write cycle. In the simplest example, a large page that is read-only can be modified, including page 0 of a processes virtual address space. Upstream patch: <a href="https://github.com/torvalds/linux/commit/a8f97366452ed491d13cf1e44241bc0b5740b1f0">https://github.com/torvalds/linux/commit/a8f97366452ed491d13cf1e44241bc0b5740b1f0</a> Vulnerability announcement: <a href="http://www.openwall.com/lists/oss-security/2017/11/30/1">http://www.openwall.com/lists/oss-security/2017/11/30/1</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=3.2.87<3.3 | |
| Linux Linux kernel | >=3.10.106<3.11 | |
| Linux Linux kernel | >=3.12.73<3.13 | |
| Linux Linux kernel | >=3.16.42<3.16.52 | |
| Linux Linux kernel | >=3.18.55<3.18.86 | |
| Linux Linux kernel | >=4.1.41<4.1.48 | |
| Linux Linux kernel | >=4.4.70<4.4.104 | |
| Linux Linux kernel | >=4.9.7<4.9.67 | |
| Linux Linux kernel | >=4.10<4.14.4 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/102032
- http://www.securitytracker.com/id/1040020
- https://access.redhat.com/errata/RHSA-2018:0180
- https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0
- https://source.android.com/security/bulletin/pixel/2018-02-01
- https://www.exploit-db.com/exploits/43199/
- https://launchpad.net/bugs/cve/CVE-2017-1000405
- https://access.redhat.com/security/cve/CVE-2016-5195
- https://github.com/torvalds/linux/commit/a8f97366452ed491d13cf1e44241bc0b5740b1f0
- http://www.openwall.com/lists/oss-security/2017/11/30/1
- https://access.redhat.com/security/vulnerabilities/3253921
- https://access.redhat.com/articles/3158541
- https://access.redhat.com/articles/3158511
- https://access.redhat.com/solutions/1320153
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1519115
- https://bugzilla.redhat.com/show_bug.cgi?id=1516514
- https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
- https://www.openwall.com/lists/oss-security/2017/11/30/1
- https://github.com/bindecy/HugeDirtyCowPOC
- https://security-tracker.debian.org/tracker/CVE-2017-1000405
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000405
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000405
- https://ubuntu.com/security/CVE-2017-1000405
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-1000405
- agent/author
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.2.87
- version/linux linux kernel/3.10.106
- version/linux linux kernel/3.12.73
- version/linux linux kernel/3.16.42
- version/linux linux kernel/3.18.55
- version/linux linux kernel/4.1.41
- version/linux linux kernel/4.4.70
- version/linux linux kernel/4.9.7
- version/linux linux kernel/4.10
- package-manager/debian