A Patch a Day: CVE-2017-17052

Vulnerability link

https://nvd.nist.gov/vuln/detail/CVE-2017-17052

Bugzilla link

https://bugzilla.redhat.com/show_bug.cgi?id=1518632

Patch link

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b7e8665b4ff51c034c55df3cff76518d1a9ee3a

Vulnerability analysis

Root cause

The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process’s mm_struct, allowing a local attacker to achieve a use-after-free condition and to induce a kernel memory corruption on the system, leading to a crash or possibly have unspecified other impact by running a specially crafted program. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we feel it is unlikely.

The exe_file member of the new process's mm_struct object is not cleared in time, so it can later be used, which results in a use-after-free vulnerability.

Patch analysis

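The patch is shown in the figure below:
[Image: screenshot of the patch]
So this patch belongs to the category of fixes that set a dangling pointer to NULL.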
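
The reference-count imbalance that this kind of fix prevents, as a userspace C model added here (not kernel code and not from the original post). It assumes the new mm_struct starts as a byte copy of the parent's and that setup can fail before the child takes its own reference on exe_file; the names file_model, mm_model, mm_put and dup_mm_model are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical userspace stand-ins for struct file and mm_struct. */
struct file_model { int refcount; };
struct mm_model { struct file_model *exe_file; };

/* Unpatched init: the pointer copied from the parent is left in place. */
static void mm_init_unpatched(struct mm_model *mm) { (void)mm; }

/* Patched init: the new mm starts out owning no exe_file reference. */
static void mm_init_patched(struct mm_model *mm) { mm->exe_file = NULL; }

/* Teardown drops the reference the mm appears to hold. */
static void mm_put(struct mm_model *mm)
{
    if (mm->exe_file)
        mm->exe_file->refcount--;
    mm->exe_file = NULL;
}

/* Returns the file's refcount after the child mm is set up and torn down.
 * The correct value is 1: only the parent's reference remains. */
static int dup_mm_model(bool patched, bool fail_early)
{
    struct file_model exe = { .refcount = 1 };      /* parent's reference */
    struct mm_model parent = { .exe_file = &exe };
    struct mm_model child;

    memcpy(&child, &parent, sizeof(child));         /* assumed raw copy */
    if (patched)
        mm_init_patched(&child);
    else
        mm_init_unpatched(&child);
    if (!fail_early) {                              /* normal path */
        child.exe_file = parent.exe_file;
        child.exe_file->refcount++;                 /* child takes its own ref */
    }
    mm_put(&child);                                 /* also runs on the error path */
    return exe.refcount;
}

int main(void)
{
    printf("unpatched, early failure: %d\n", dup_mm_model(false, true));
    printf("patched,   early failure: %d\n", dup_mm_model(true, true));
    return 0;
}
```

With the unpatched init, the early-failure path returns 0: the parent's only reference has been dropped while the parent still points at the object, which is the dangling pointer. With the patched init the count stays at 1 on every path.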
