Privilege escalation in Linux kernel - CVE-2017-5123
Published: October 14, 2017 / Updated: August 23, 2023
Vulnerability identifier: #VU8828
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-5123
CWE-ID: CWE-391
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 does not check that the incoming argument points to the userspace. This can allow local users to write directly to kernel memory, which could lead to privilege escalation.
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 does not check that the incoming argument points to the userspace. This can allow local users to write directly to kernel memory, which could lead to privilege escalation.
How to mitigate CVE-2017-5123
Install update from vendor's repository.