CVE-2017-1000370

HIGH

Linux Kernel <4.11.5 - RCE

Title source: llm

Description

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Qualys Corporation · clocallinux_x86

https://www.exploit-db.com/exploits/42273

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Qualys Corporation · clocallinux_x86

https://www.exploit-db.com/exploits/42274

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3981

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99149

[Third Party Advisory, VDB Entry] https://access.redhat.com/security/cve/CVE-2017-1000370

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42273/

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42274/

[Third Party Advisory] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Scores

CVSS v3 7.8

EPSS 0.0171

EPSS Percentile 82.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

linux/linux_kernel 4.1 - 4.1.43

Published Jun 19, 2017

Tracked Since Feb 18, 2026