QwikSec

Security Database

CVE

CWE

Training

CVE-2017-6001

Published: Feb 18, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=1422825

x_refsource_CONFIRM

https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7

x_refsource_CONFIRM

https://source.android.com/security/bulletin/pixel/2017-11-01

x_refsource_CONFIRM

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20170216 Linux: CVE-2017-6001: Incomplete fix for CVE-2016-6786: perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2017-6001 - Security Vulnerability | QwikSec