CVE-2017-1000253 — Linux Kernel PIE Stack Buffer Corruption Vulnerability

2024-09-09 • CISA Known Exploited Vulnerability

[event] Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.

> AFFECTED SOFTWARE

Field	Value
Vendor	Linux
Product	Kernel
CWE	CWE-119
CVE ID	CVE-2017-1000253
Date Added	2024-09-09
Due Date	2024-09-30
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-09-30

> REFERENCES

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8...
[2] https://nvd.nist.gov/vuln/detail/CVE-2017-1000253