WID-SEC-W-2024-2078
Vulnerability from csaf_certbund - Published: 2017-09-26 22:00 - Updated: 2026-05-25 22:00Summary
Linux Kernel: Schwachstelle ermöglicht Privilegieneskalation
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erhöhen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Server AUS 7.3 x86_64
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7.3_x86_64
|
7.3 x86_64 | |
|
Red Hat Enterprise Linux 5.9
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:v.5.9:server:long_life
|
5.9 | |
|
Red Hat Enterprise Linux Server EUS 7.2 x86_64
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7.2_x86_64
|
7.2 x86_64 | |
|
Red Hat Enterprise Linux Server AUS 6.5 x86_64
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6.5_x86_64
|
6.5 x86_64 | |
|
SUSE Linux Enterprise Server SP3 LTSS
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:11:sp3:ltss
|
SP3 LTSS | |
|
Red Hat Enterprise Linux Server EUS 6.7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6.7
|
6.7 | |
|
Red Hat Enterprise Linux Server AUS 6.4 x86_64
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6.4_x86_64
|
6.4 x86_64 | |
|
Red Hat Enterprise Linux Server AUS 6.2 x86_64
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6.2_x86_64
|
6.2 x86_64 | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Red Hat Enterprise Linux Server AUS 7.2 x86_64
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7.2_x86_64
|
7.2 x86_64 | |
|
Red Hat Enterprise Linux Server EUS 7.3 x86_64
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7.3_x86_64
|
7.3 x86_64 | |
|
Red Hat Enterprise Linux 5
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:5
|
5 | |
|
Red Hat Enterprise Linux Desktop 6
Red Hat / Enterprise Linux Desktop
|
cpe:/o:redhat:enterprise_linux_desktop:6
|
6 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp Data ONTAP Edge
NetApp / Data ONTAP
|
cpe:/a:netapp:data_ontap:edge
|
Edge | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Open Source CentOS
Open Source
|
cpe:/o:centos:centos:-
|
— | |
|
Red Hat Enterprise Linux Server 6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6
|
6 | |
|
Red Hat Enterprise Linux Server AUS 6.6 x86_64
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6.6_x86_64
|
6.6 x86_64 | |
|
SUSE Linux Enterprise Server SP4
SUSE / Linux Enterprise Server
|
cpe:/o:suse:linux_enterprise_server:11-sp4
|
SP4 |
References
26 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle im Linux Kernel ausnutzen, um seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2078 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-2078.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2078 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2078"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2799 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2799"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2794 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2794"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2793 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2793"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2796 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2796"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2798 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2798"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2797 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2797"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2795 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2795"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2800 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2800"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2801 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2801"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:2802 vom 2017-09-26",
"url": "https://access.redhat.com/errata/RHSA-2017:2802"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-2795 vom 2017-09-28",
"url": "http://linux.oracle.com/errata/ELSA-2017-2795.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-2801 vom 2017-10-07",
"url": "http://linux.oracle.com/errata/ELSA-2017-2801.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2723-1 vom 2017-10-15",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172723-1/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2725-1 vom 2017-10-15",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172725-1/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3200 vom 2017-11-16",
"url": "http://linux.oracle.com/errata/ELSA-2017-3200.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:3165-1 vom 2017-12-01",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173165-1.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2017-3658 vom 2017-12-08",
"url": "http://linux.oracle.com/errata/ELSA-2017-3658.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-4036 vom 2018-02-21",
"url": "http://linux.oracle.com/errata/ELSA-2018-4036.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2018-1854 vom 2018-06-26",
"url": "http://linux.oracle.com/errata/ELSA-2018-1854.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4702 vom 2019-08-04",
"url": "http://linux.oracle.com/errata/ELSA-2019-4702.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2019-4732 vom 2019-08-04",
"url": "http://linux.oracle.com/errata/ELSA-2019-4732.html"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2024-09-09",
"url": "https://www.cisa.gov/news-events/alerts/2024/09/09/cisa-adds-three-known-exploited-vulnerabilities-catalog"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0152-1 vom 2025-01-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020152.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260522-0015 vom 2026-05-22",
"url": "https://security.netapp.com/advisory/NTAP-20260522-0015"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Schwachstelle erm\u00f6glicht Privilegieneskalation",
"tracking": {
"current_release_date": "2026-05-25T22:00:00.000+00:00",
"generator": {
"date": "2026-05-26T11:50:35.801+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2024-2078",
"initial_release_date": "2017-09-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2017-09-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-09-26T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-09-27T22:00:00.000+00:00",
"number": "3",
"summary": "New remediations available"
},
{
"date": "2017-10-08T22:00:00.000+00:00",
"number": "4",
"summary": "New remediations available"
},
{
"date": "2017-10-08T22:00:00.000+00:00",
"number": "5",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-11-15T23:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2017-11-30T23:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2017-12-10T23:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2018-02-21T23:00:00.000+00:00",
"number": "9",
"summary": "New remediations available"
},
{
"date": "2018-06-26T22:00:00.000+00:00",
"number": "10",
"summary": "New remediations available"
},
{
"date": "2019-08-04T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-09-09T22:00:00.000+00:00",
"number": "12",
"summary": "Aktive Ausnutzung gemeldet"
},
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von NetApp aufgenommen"
}
],
"status": "final",
"version": "14"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Edge",
"product": {
"name": "NetApp Data ONTAP Edge",
"product_id": "T054611",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:edge"
}
}
}
],
"category": "product_name",
"name": "Data ONTAP"
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "6368",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "5",
"product": {
"name": "Red Hat Enterprise Linux 5",
"product_id": "67748",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5"
}
}
},
{
"category": "product_version",
"name": "5.9",
"product": {
"name": "Red Hat Enterprise Linux 5.9",
"product_id": "T007369",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:v.5.9:server:long_life"
}
}
},
{
"category": "product_version",
"name": "6.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server AUS 6.4 x86_64",
"product_id": "T010850",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6.4_x86_64"
}
}
},
{
"category": "product_version",
"name": "7.3 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server EUS 7.3 x86_64",
"product_id": "T010852",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7.3_x86_64"
}
}
},
{
"category": "product_version",
"name": "7.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server AUS 7.2 x86_64",
"product_id": "T010853",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7.2_x86_64"
}
}
},
{
"category": "product_version",
"name": "7.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server EUS 7.2 x86_64",
"product_id": "T010854",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7.2_x86_64"
}
}
},
{
"category": "product_version",
"name": "7.3 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server AUS 7.3 x86_64",
"product_id": "T010855",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7.3_x86_64"
}
}
},
{
"category": "product_version",
"name": "6.7",
"product": {
"name": "Red Hat Enterprise Linux Server EUS 6.7",
"product_id": "T010856",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6.7"
}
}
},
{
"category": "product_version",
"name": "6.5 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server AUS 6.5 x86_64",
"product_id": "T010857",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6.5_x86_64"
}
}
},
{
"category": "product_version",
"name": "6.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server AUS 6.6 x86_64",
"product_id": "T010858",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6.6_x86_64"
}
}
},
{
"category": "product_version",
"name": "6",
"product": {
"name": "Red Hat Enterprise Linux Server 6",
"product_id": "T010859",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6"
}
}
},
{
"category": "product_version",
"name": "6.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server AUS 6.2 x86_64",
"product_id": "T010861",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6.2_x86_64"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "6",
"product": {
"name": "Red Hat Enterprise Linux Desktop 6",
"product_id": "T010860",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_desktop:6"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux Desktop"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "SP4",
"product": {
"name": "SUSE Linux Enterprise Server SP4",
"product_id": "T005583",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_server:11-sp4"
}
}
},
{
"category": "product_version",
"name": "SP3 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server SP3 LTSS",
"product_id": "T007158",
"product_identification_helper": {
"cpe": "cpe:/o:suse:linux_enterprise_server:11:sp3:ltss"
}
}
}
],
"category": "product_name",
"name": "Linux Enterprise Server"
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-1000253",
"product_status": {
"known_affected": [
"T010855",
"T007369",
"T010854",
"T010857",
"T007158",
"T010856",
"T010850",
"T010861",
"6368",
"T010853",
"T010852",
"67748",
"T010860",
"T004914",
"T054611",
"T002207",
"1727",
"T010859",
"T010858",
"T005583"
]
},
"release_date": "2017-09-26T22:00:00.000+00:00",
"title": "CVE-2017-1000253"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…