Main Vulnerability Database Exploits ID:6422 - Exploit for Race condition in Linux kernel - CVE-2017-1000405

ID:6422 - Exploit for Race condition in Linux kernel - CVE-2017-1000405

Published: June 17, 2021

Vulnerability identifier: #VU9520

Vulnerability risk: Low

CVE-ID: CVE-2017-1000405

CWE-ID: CWE-362

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.exploit-db.com/exploits/43199/

Vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within touch_pmd() function in mmhugemem.c file when handling THPs. A local user can read read-only huge pages using the get_user_pages() function and overwrite arbitrary huge pages and files mapped via THP.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.

This vulnerability is a result of patch against a another privilege escalation vulnerability in Linux kernel known as Dirty Cow (CVE-2016-5195).

Remediation

Install a patch from vendor's repository:
https://github.com/torvalds/linux/commit/a8f97366452ed491d13cf1e44241bc0b5740b1f0

ID:6422 - Exploit for Race condition in Linux kernel - CVE-2017-1000405

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human