| Revision Date: | 2022-09-02 | Version: | 1 |
| Title: | CVE-2017-1000371 |
| Description: |
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | Mitre CVE-2017-1000371
SUSE CVE-2017-1000371
|
| Platform(s): | SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Public Cloud 15 SP1
SUSE Linux Enterprise Module for Public Cloud 15 SP2
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
| Definition Synopsis |
| Release Information SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
AND kernel-source-azure is not affected
OR Package Information
SUSE CaaS Platform 4.0 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
AND
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR reiserfs-kmp-default is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
AND
kernel-default is not affected
OR kernel-source is not affected
OR Package Information
SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
AND
kernel-default is not affected
OR kernel-default-devel is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR Package Information
SUSE Linux Enterprise Module for Public Cloud 15 SP2 is installed
AND
kernel-devel-azure is not affected
OR kernel-source-azure is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Module for Public Cloud 15 is installed
OR SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
AND kernel-source-azure is not affected
OR Package Information
SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
AND
kernel-default is not affected
OR kernel-source is not affected
OR Package Information
SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
AND
kernel-default is not affected
OR kernel-default-devel is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 15 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
AND
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR reiserfs-kmp-default is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
OR Package Information
SUSE Linux Enterprise Module for Public Cloud 15 SP2 is installed
AND
kernel-devel-azure is not affected
OR kernel-source-azure is not affected
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
kernel-default is affected
OR kernel-source is affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 15 SP2 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP2 is installed
OR SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
OR SUSE Linux Enterprise Server 15 SP2 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
OR SUSE Linux Enterprise Storage 7 is installed
OR SUSE Manager Proxy 4.1 is installed
OR SUSE Manager Retail Branch Server 4.1 is installed
OR SUSE Manager Server 4.1 is installed
AND Package Information
kernel-default is not affected
OR kernel-source is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
AND
kernel-default is not affected
OR kernel-source is not affected
OR kernel-source-azure is not affected
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
AND
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
OR kernel-source-azure is not affected
OR Package Information
SUSE Linux Enterprise Server 12 SP5 is installed
AND
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR kernel-default-man is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
OR kernel-devel-azure is not affected
OR kernel-source-azure is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
OR SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
OR SUSE Linux Enterprise Server 15 SP1 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
OR SUSE Linux Enterprise Storage 6 is installed
OR SUSE Manager Proxy 4.0 is installed
OR SUSE Manager Retail Branch Server 4.0 is installed
OR SUSE Manager Server 4.0 is installed
AND kernel-source-azure is not affected
OR Package Information
SUSE CaaS Platform 4.0 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
AND
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR reiserfs-kmp-default is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
OR SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
OR SUSE Linux Enterprise Server 15 SP1 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
OR SUSE Linux Enterprise Storage 6 is installed
OR SUSE Manager Proxy 4.0 is installed
OR SUSE Manager Retail Branch Server 4.0 is installed
OR SUSE Manager Server 4.0 is installed
AND kernel-source-azure is not affected
OR Package Information
SUSE Manager Proxy 4.0 is installed
OR SUSE Manager Retail Branch Server 4.0 is installed
OR SUSE Manager Server 4.0 is installed
AND
kernel-default is not affected
OR kernel-source is not affected
OR Package Information
SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
AND
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR reiserfs-kmp-default is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
|
| Definition Synopsis |
| Release Information
SUSE OpenStack Cloud 9 is installed
OR SUSE OpenStack Cloud Crowbar 9 is installed
AND Package Information
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
OR kernel-source-azure is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise High Performance Computing 15 SP1 is installed
OR SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
OR SUSE Linux Enterprise Server 15 SP1 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
OR SUSE Linux Enterprise Storage 6 is installed
OR SUSE Manager Proxy 4.0 is installed
OR SUSE Manager Retail Branch Server 4.0 is installed
OR SUSE Manager Server 4.0 is installed
AND kernel-source-azure is not affected
OR Package Information
SUSE Enterprise Storage 6 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
AND
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR reiserfs-kmp-default is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
|
| Definition Synopsis |
| SUSE Linux Enterprise Micro 5.0 is installed
AND Package Information
kernel-default is not affected
OR kernel-rt is not affected
|
| Definition Synopsis |
| SUSE Linux Enterprise Micro 5.1 is installed
AND Package Information
kernel-default is not affected
OR kernel-rt is not affected
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
AND
kernel-default is not affected
OR kernel-source is not affected
OR kernel-source-azure is not affected
OR Package Information
SUSE Linux Enterprise Server 12 SP5 is installed
AND
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR kernel-default-man is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
OR kernel-devel-azure is not affected
OR kernel-source-azure is not affected
|
| Definition Synopsis |
| SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
AND Package Information
kernel-default is not affected
OR kernel-default-base is not affected
OR kernel-default-devel is not affected
OR kernel-devel is not affected
OR kernel-macros is not affected
OR kernel-source is not affected
OR kernel-source-azure is not affected
|