CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Sep 30, 2024

CVE-2017-1000253

High

EPSS 54.2%CISA KEVRansomware

Description

Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.

EPSS — Exploit Probability

54.2%

Higher than 98.0% of all CVEs

Required Action

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86; https://nvd.nist.gov/vuln/detail/CVE-2017-1000253

Risk Assessment

CRITICAL

In CISA KEV

High EPSS

Ransomware

Details

Severity: High
EPSS: 54.2%
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Sep 9, 2024

Added to KEV

Sep 9, 2024

Remediation Due

Sep 30, 2024

Affected Product

Linux

Kernel

View all Linux CVEs

External Links

NVD (NIST)CVE Details MITRE CVE