Buffer Overflow Affecting kernel-uek-debug package, versions <0:2.6.39-400.297.12.el5uek
Threat Intelligence
EPSS
0.04% (6th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ORACLE5-KERNELUEKDEBUG-2523482
- published 10 Apr 2022
- disclosed 20 Jul 2017
Introduced: 20 Jul 2017
CVE-2017-11473 Open this link in a new tabHow to fix?
Upgrade Oracle:5
kernel-uek-debug
to version 0:2.6.39-400.297.12.el5uek or higher.
This issue was patched in ELSA-2017-3637
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-debug
package and not the kernel-uek-debug
package as distributed by Oracle
.
See How to fix?
for Oracle:5
relevant fixed versions and status.
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
References
- https://linux.oracle.com/cve/CVE-2017-11473.html
- https://linux.oracle.com/errata/ELSA-2017-3636.html
- https://linux.oracle.com/errata/ELSA-2017-3637.html
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c
- http://www.securityfocus.com/bid/100010
- https://source.android.com/security/bulletin/pixel/2018-01-01
- https://access.redhat.com/errata/RHSA-2018:0654
- https://usn.ubuntu.com/3754-1/
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad5ab0db8deac535d03e3fe3d8f2892173fa6a4
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=96301209473afd3f2f274b91cb7082d161b9be65
CVSS Scores
version 3.1