Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
14 Mar 2024, 19:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.debian.org/security/2017/dsa-3981 - Mailing List, Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:3083 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:3096 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:4057 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:4058 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2020:0036 - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/43345/ - Third Party Advisory, VDB Entry | |
First Time |
Redhat enterprise Linux
Redhat enterprise Linux Aus Debian Redhat Redhat enterprise Linux Server Eus Debian debian Linux Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions |
|
CPE | cpe:2.3:o:redhat:enterprise_linux_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
Information
Published : 2017-08-19 18:29
Updated : 2024-03-14 19:59
NVD link : CVE-2017-10661
Mitre link : CVE-2017-10661
CVE.ORG link : CVE-2017-10661
JSON object : View
Products Affected
redhat
- enterprise_linux_aus
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- enterprise_linux_server_eus
- enterprise_linux
linux
- linux_kernel
debian
- debian_linux
CWE
CWE-416
Use After Free