Bug 1440871 (CVE-2017-7286) - CVE-2017-7286 kernel: Inode integer overflow
Summary: CVE-2017-7286 kernel: Inode integer overflow
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-7286
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1440872
Blocks: 1440874
TreeView+ depends on / blocked
 
Reported: 2017-04-10 16:11 UTC by Adam Mariš
Modified: 2021-02-17 02:21 UTC (History)
34 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-04-20 15:11:34 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2017-04-10 16:11:19 UTC 
The Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS mishandles a series of mmap system calls for /dev/zero with different starting addresses, with a stated impact of "allowing for a local user to possibly gain root access," aka an "inode integer overflow."

External References:

https://packetstormsecurity.com/files/141930/Linux-3.16.0-28-Integer-Overflow.html
Comment 1 Adam Mariš 2017-04-10 16:12:36 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1440872]
Comment 2 Vladis Dronov 2017-04-20 15:11:34 UTC 
Statement:

MITRE has rejected this CVE as the flaw was not confirmed:

https://nvd.nist.gov/vuln/detail/CVE-2017-7286

https://bugzilla.novell.com/show_bug.cgi?id=1033458#c5

None of the Red Hat products is vulnerable to this not-a-flaw.
Note You need to log in before you can comment on or make changes to this bug.