Linux Kernel PIE Stack Buffer Corruption Vulnerability

Critical Threat Advisory: This vulnerability is documented in active Ransomware campaigns. Immediate remediation required.

Technical Severity

CVSS v3.1 Metrics

HIGH

7.8 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation Likelihood

EPSS Prediction

57.21 %

Predictive Probability

Percentile Rank

98.1 th

Documented as more likely to be exploited than 98.1% of known CVEs.

Detection Date

Sep 09, 2024

Remediation Due

Sep 30, 2024

CISA Catalog Active

Threat Analysis

Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.

Remediation Directive

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Asset Context

Vendor Identity

Linux

Affected Product

Kernel

Ransomware Status

Campaign Use Known

Weakness Classification

CWE-119

External Intelligence

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2017-1000253