Bugzilla – Bug 1033458
VUL-0: CVE-2017-7286: kernel-source: Inode integer overflow
Last modified: 2017-04-13 11:27:36 UTC
rh#1440871 The Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS mishandles a series of mmap system calls for /dev/zero with different starting addresses, with a stated impact of "allowing for a local user to possibly gain root access," aka an "inode integer overflow."

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1440871
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7286
https://packetstormsecurity.com/files/141930/Linux-3.16.0-28-Integer-Overflow.html
Created attachment 720674: CVE-2017-7286.c

QA REPRODUCER:
gcc -o CVE-2017-7286 CVE-2017-7286.c -Wall -O2 -pie -fPIE
./CVE-2017-7286
(using PIE to get a higher start address to avoid it overwriting its own code)
Does not show bad behaviour on Tumbleweed.
The reporter likely crashed its own main() in the packetstorm report, as the mmap() will overwrite main() pretty soon.
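The self-inflicted crash described above rests on one property of mmap(): MAP_FIXED silently replaces whatever mapping already occupies the target range, code pages included. The following added example (not from the bug, the reproducer, or the kernel) shows that property on a data page instead of a code page so it can run without crashing: a private anonymous page filled with a known pattern is overlaid with /dev/zero at a fixed address and the old contents vanish without any error from the kernel.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if a MAP_FIXED mapping of /dev/zero replaced the contents of a
 * live page (the expected outcome), 0 if the old data survived, -1 on a
 * setup error. The victim page stands in for a process's own text/data. */
int map_fixed_clobbers_existing_page(void)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;

    /* Existing mapping with a known, constructed fill pattern. */
    unsigned char *victim = mmap(NULL, page, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (victim == MAP_FAILED) return -1;
    memset(victim, 0xAA, page);

    int fd = open("/dev/zero", O_RDONLY);
    if (fd < 0) { munmap(victim, page); return -1; }

    /* MAP_FIXED at the victim's address: the kernel unmaps what was there
     * and maps /dev/zero in its place, with no error and no warning. */
    void *p = mmap(victim, page, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, 0);
    close(fd);
    if (p == MAP_FAILED) { munmap(victim, page); return -1; }

    int clobbered = 1;                 /* old 0xAA bytes should be gone */
    for (long i = 0; i < page; i++)
        if (victim[i] != 0) { clobbered = 0; break; }

    munmap(victim, page);
    return clobbered;
}

int main(void)
{
    int r = map_fixed_clobbers_existing_page();
    printf("MAP_FIXED over a live page: %s\n",
           r == 1 ? "old contents replaced by zeros" :
           r == 0 ? "old contents survived" : "setup error");
    return r == 1 ? 0 : 1;
}
```

Had the victim been the page holding main(), the next instruction fetch would hit zeros and the process would fault, which is exactly the "crash" a reproducer walking fixed addresses upward through its own image produces.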
(I call bullshit on this report :( )
I emailed the reporter and he has no other proof than his reproducer crashing. I asked Mitre to REJECT the CVE.