CVE-2017-1000253 - Vulnerability Details

- kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary

Description

Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.

Published: 2017-10-04

Score: 7.8 High

EPSS: 57.0% High

KEV: Yes

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:o:centos:centos:6.0:::::::*
	cpe:2.3:o:centos:centos:6.1:::::::*
	cpe:2.3:o:centos:centos:6.2:::::::*
	cpe:2.3:o:centos:centos:6.3:::::::*
	cpe:2.3:o:centos:centos:6.4:::::::*
	cpe:2.3:o:centos:centos:6.5:::::::*
	cpe:2.3:o:centos:centos:6.6:::::::*
	cpe:2.3:o:centos:centos:6.7:::::::*
	cpe:2.3:o:centos:centos:6.8:::::::*
	cpe:2.3:o:centos:centos:6.9:::::::*
	cpe:2.3:o:centos:centos:7.1406:::::::*
	cpe:2.3:o:centos:centos:7.1503:::::::*
	cpe:2.3:o:centos:centos:7.1511:::::::*
	cpe:2.3:o:centos:centos:7.1611:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.9:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.3:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5.9 Long Life
kernel-0:2.6.18-348.34.2.el5	cpe:/o:redhat:rhel_aus:5.9	RHSA-2017:2802	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 5 Extended Lifecycle Support
kernel-0:2.6.18-423.el5	cpe:/o:redhat:rhel_els:5	RHSA-2017:2801	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6
kernel-0:2.6.32-696.10.3.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2017:2795	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.2 Advanced Update Support
kernel-0:2.6.32-220.76.1.el6	cpe:/o:redhat:rhel_mission_critical:6.2	RHSA-2017:2800	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.4 Advanced Update Support
kernel-0:2.6.32-358.84.1.el6	cpe:/o:redhat:rhel_aus:6.4	RHSA-2017:2799	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.85.1.el6	cpe:/o:redhat:rhel_aus:6.5	RHSA-2017:2798	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.5 Telco Extended Update Support
kernel-0:2.6.32-431.85.1.el6	cpe:/o:redhat:rhel_tus:6.5	RHSA-2017:2798	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
kernel-0:2.6.32-504.63.3.el6	cpe:/o:redhat:rhel_aus:6.6	RHSA-2017:2797	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.6 Telco Extended Update Support
kernel-0:2.6.32-504.63.3.el6	cpe:/o:redhat:rhel_tus:6.6	RHSA-2017:2797	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 6.7 Extended Update Support
kernel-0:2.6.32-573.48.1.el6	cpe:/o:redhat:rhel_eus:6.7	RHSA-2017:2796	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 7
kernel-0:3.10.0-693.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:1842	2017-08-01T00:00:00Z
Red Hat Enterprise Linux 7.2 Extended Update Support
kernel-0:3.10.0-327.59.3.el7	cpe:/o:redhat:rhel_eus:7.2	RHSA-2017:2794	2017-09-26T00:00:00Z
Red Hat Enterprise Linux 7.3 Extended Update Support
kernel-0:3.10.0-514.32.3.el7	cpe:/o:redhat:rhel_eus:7.3	RHSA-2017:2793	2017-09-26T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Sept. 9, 2024.

The EPSS score is 0.56988.

Exploitation active

Automatable no

Technical Impact total

References

Link	Providers
http://www.securityfocus.com/bid/101010
http://www.securitytracker.com/id/1039434
https://access.redhat.com/errata/RHSA-2017:2793
https://access.redhat.com/errata/RHSA-2017:2794
https://access.redhat.com/errata/RHSA-2017:2795
https://access.redhat.com/errata/RHSA-2017:2796
https://access.redhat.com/errata/RHSA-2017:2797
https://access.redhat.com/errata/RHSA-2017:2798
https://access.redhat.com/errata/RHSA-2017:2799
https://access.redhat.com/errata/RHSA-2017:2800
https://access.redhat.com/errata/RHSA-2017:2801
https://access.redhat.com/errata/RHSA-2017:2802
https://nvd.nist.gov/vuln/detail/CVE-2017-1000253
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-1000253
https://www.cve.org/CVERecord?id=CVE-2017-1000253
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt

History

Wed, 22 Oct 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-1000253
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-1000253

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-1000253

Tue, 10 Sep 2024 05:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Subscriptions

Centos Centos

Linux Linux Kernel

Redhat Enterprise Linux Rhel Aus Rhel Els Rhel Eus Rhel Mission Critical Rhel Tus

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-04T01:00:00.000Z

Updated: 2025-10-21T23:55:32.192Z

Reserved: 2017-10-03T00:00:00.000Z

Link: CVE-2017-1000253

Vulnrichment

Updated: 2024-08-05T22:00:39.693Z

NVD

Status : Analyzed

Published: 2017-10-05T01:29:04.790

Modified: 2026-04-21T18:00:48.183

Link: CVE-2017-1000253

Redhat

Severity : Important

Publid Date: 2017-09-26T00:00:00Z

Links: CVE-2017-1000253 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object