CVE-2017-2616

Published: Jul 27, 2018

Modified: Jun 9, 2025

PUBLISHED

CVSS v3.0

5.5

MEDIUM

Description

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

Vendor	Product	Versions
Linux	util-linux	affected `2.32.1`

Weaknesses (CWE)

CWE-267

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616

x_refsource_CONFIRM

96404

vdb-entry

x_refsource_BID

RHSA-2017:0907

vendor-advisory

x_refsource_REDHAT

RHSA-2017:0654

vendor-advisory

x_refsource_REDHAT

GLSA-201706-02

vendor-advisory

x_refsource_GENTOO

DSA-3793

vendor-advisory

x_refsource_DEBIAN

https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891

x_refsource_CONFIRM

1038271

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-2616

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References