Vulnerability link
https://nvd.nist.gov/vuln/detail/CVE-2017-17052
Bugzilla link
https://bugzilla.redhat.com/show_bug.cgi?id=1518632
Patch link
Vulnerability analysis
Root cause
The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process’s mm_struct, allowing a local attacker to achieve a use-after-free condition and to induce a kernel memory corruption on the system, leading to a crash or possibly have unspecified other impact by running a specially crafted program. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we feel it is unlikely.
The exe_file member of the new process's mm_struct object is not cleared in time, so the stale pointer gets used and a use-after-free occurs.
Patch analysis
The patch is shown in the figure below:
So this patch belongs to the category of setting a dangling pointer to NULL.
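As an added illustration of both the root cause and the patch analysis above (this is a user-space model written for this note, not the kernel's code): the names struct file, mm_struct, mm_init, dup_mmap and mmput mirror the kernel objects but their bodies are simplified, the interrupted wait in dup_mmap and the single fput() in mmput are assumptions standing in for the real error path, and simulate_fork is a hypothetical driver that reports the executable's refcount after a fork attempt.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

struct file { int f_count; };                 /* refcount on the executable's file */
struct mm_struct { struct file *exe_file; };
static void get_file(struct file *f) { f->f_count++; }
static void fput(struct file *f) { f->f_count--; }  /* reaching 0 frees the file */

/* mm_init: when patched, clear the exe_file pointer that memcpy() copied from
 * the parent, modelling the fix RCU_INIT_POINTER(mm->exe_file, NULL). */
static void mm_init(struct mm_struct *mm, int patched)
{
    if (patched)
        mm->exe_file = NULL;
}

/* dup_mmap: the killable wait for mmap_sem can fail with -EINTR before the
 * child's own reference on exe_file has been taken. */
static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm, int interrupted)
{
    if (interrupted)
        return -EINTR;
    mm->exe_file = oldmm->exe_file;
    get_file(mm->exe_file);                   /* the reference mmput() later drops */
    return 0;
}

/* mmput: teardown drops whatever exe_file the mm appears to hold. */
static void mmput(struct mm_struct *mm)
{
    if (mm->exe_file)
        fput(mm->exe_file);
    free(mm);
}
/* Models fork() for a parent whose executable file holds one reference; returns
 * that refcount afterwards: 0 means freed under the parent (UAF), 1 is correct. */
static int simulate_fork(int patched, int interrupted)
{
    struct file exe = { .f_count = 1 };
    struct mm_struct oldmm = { .exe_file = &exe };
    struct mm_struct *mm = malloc(sizeof *mm);
    memcpy(mm, &oldmm, sizeof *mm);           /* copies exe_file, takes no reference */
    mm_init(mm, patched);
    if (dup_mmap(mm, &oldmm, interrupted) != 0)
        mmput(mm);   /* free_pt: error path; fput() of a reference never taken */
    else
        mmput(mm);   /* child exits normally: balanced fput() */
    return exe.f_count;
}
```

Only the unpatched mm_init combined with the early dup_mmap failure drives the refcount to 0; the patched version leaves the parent's single reference intact on the same path.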