VDB

CVE-2017-17053

CVE-2017-17053 PUBLISHED

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.

EPSS 0.11% · 28.6th percentile

Risk Scores

EPSS Score
0.11%
28.6th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSlinux-realtime5.15.0-1032.35, 0
Ubuntu:22.04:LTSlinux-intel-iot-realtime0, 5.15.0-1073.75
Ubuntu:16.04:LTSlinux-gcp4.10.0-1009.9, 4.10.0-1008.8, 4.10.0-1007.7
Ubuntu:22.04:LTSlinux-riscv5.15.0-1012.13, 5.15.0-1015.17, 5.15.0-1018.21
Ubuntu:24.04:LTSlinux-raspi-realtime6.8.0-2019.20, 0
Ubuntu:16.04:LTSlinux-hwe0, *, 4.10.0-27.30~16.04.2
Ubuntu:20.04:LTSlinux-gke5.4.0-1061.64, 0, 5.4.0-1033.35
Ubuntu:20.04:LTSlinux-raspi25.3.0-1007.8, 5.3.0-1014.16, 5.3.0-1015.17
Ubuntu:20.04:LTSlinux-riscv5.4.0-26.30, 5.4.0-27.31, 5.4.0-28.32
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1063.66+cvm3.2, 5.4.0-1065.68+cvm2.1, 5.4.0-1067.70+cvm1.1
Ubuntu:16.04:LTSlinux-azure4.11.0-1014.14, 0, 4.11.0-1016.16

Exploit Intelligence

Timeline

  • Nov 29, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • May 14, 2022 CVE Updated
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›