CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.5%
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of
pmd_mkdirty() in the touch_pmd() function inside the THP implementation.
touch_pmd() can be reached by get_user_pages(). In such case, the pmd will
become dirty. This scenario breaks the new can_follow_write_pmd()'s logic -
pmd can become dirty without going through a COW cycle. This bug is not as
severe as the original βDirty cowβ because an ext4 file (or any other
regular file) cannot be mapped using THP. Nevertheless, it does allow us to
overwrite read-only huge pages. For example, the zero huge page and sealed
shmem files can be overwritten (since their mapping can be populated using
THP). Note that after the first write page-fault to the zero page, it will
be replaced with a new fresh (and zeroed) thp.
Author | Note |
---|---|
smb | Added introducing commit as suggested by RH. We backported that into Trusty and later but not into Precise. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 17.10 | noarch | linux | <Β 4.13.0-19.22 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | <Β 3.13.0-137.186 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | <Β 4.4.0-103.126 | UNKNOWN |
ubuntu | 17.04 | noarch | linux | <Β 4.10.0-42.46 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | <Β 4.4.0-1005.5 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | <Β 4.4.0-1043.52 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | <Β 4.11.0-1016.16 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-gcp | <Β 4.13.0-1002.5 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe | <Β 4.10.0-42.46~16.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe-edge | <Β 4.10.0-42.46~16.04.1 | UNKNOWN |
www.openwall.com/lists/oss-security/2017/11/30/1
bugzilla.redhat.com/show_bug.cgi?id=1516514
launchpad.net/bugs/cve/CVE-2017-1000405
medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0
nvd.nist.gov/vuln/detail/CVE-2017-1000405
security-tracker.debian.org/tracker/CVE-2017-1000405
ubuntu.com/security/notices/USN-3507-1
ubuntu.com/security/notices/USN-3507-2
ubuntu.com/security/notices/USN-3508-1
ubuntu.com/security/notices/USN-3508-2
ubuntu.com/security/notices/USN-3509-1
ubuntu.com/security/notices/USN-3509-2
ubuntu.com/security/notices/USN-3510-1
ubuntu.com/security/notices/USN-3510-2
ubuntu.com/security/notices/USN-3511-1
www.cve.org/CVERecord?id=CVE-2017-1000405
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.5%