#VU8828 Privilege escalation in Linux kernel - CVE-2017-5123
Published: October 14, 2017 / Updated: August 23, 2023
Vulnerability identifier: #VU8828
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-5123
CWE-ID: CWE-391
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 does not check that the incoming argument points to the userspace. This can allow local users to write directly to kernel memory, which could lead to privilege escalation.
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 does not check that the incoming argument points to the userspace. This can allow local users to write directly to kernel memory, which could lead to privilege escalation.
Remediation
Install update from vendor's repository.