⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Due date: 2024-09-30.
CVE-2017-1000253 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer
14 documents, 12 sources
Severity
7.8 HIGH (NVD)
EPSS
54.2%
top 1.97%
CISA KEV
KEV, Ransomware
Added 2024-09-09
Due 2024-09-30
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Oct 5
KEV added: Sep 9
KEV due: Sep 30
Latest update: Feb 2
Description
Affects Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages (4 packages)
Also affects: Enterprise Linux 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 7.0, 7.1, 7.2, 7.3
Patches
🔴 Vulnerability Details
5 💥 Exploits & PoCs
1 Exploit-DB
Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation (2017-09-26)
📋 Vendor Advisories
3 🕵️ Threat Intelligence
3 💬 Community
1 Bugzilla
CVE-2017-1000253 kernel: load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary (2017-09-15)