What is CVE-2017-1000364?

CVE-2017-1000364 is a High severity Linux kernel vulnerability with a CVSS score of 7.4 out of 10, classified as a Buffer Overflow flaw (CWE-119). CVE-2017-1000364 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2017-1000364?

CVE-2017-1000364 has a CVSS score of 7.4 out of 10, rated High severity. The vector string is CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2017-1000364?

No patch is currently available for CVE-2017-1000364. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2017-1000364 actively exploited?

CVE-2017-1000364 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Buffer Overflow (CWE-119)?

The product performs operations on a memory buffer but reads or writes outside its intended boundaries. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/119.html

CVE-2017-1000364

High

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

Package Linux Kernel

Published 2017-06-19

Last modified 2026-05-13

CVSS version 3.0

Patch available

Awaiting data

CVSS 3.0 score

7.4

out of 10

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-119

CVE-2017-1000364 is a Buffer Overflow vulnerability

What is Buffer Overflow?

The product performs operations on a memory buffer but reads or writes outside its intended boundaries. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2017-1000364 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
http://www.debian.org/security/2017/dsa-3886
Securityfocus
http://www.securityfocus.com/bid/99130

Issue Tracking VDB Entry
Securitytracker
http://www.securitytracker.com/id/1038724
Red Hat
https://access.redhat.com/errata/RHSA-2017:1482
Red Hat
https://access.redhat.com/errata/RHSA-2017:1483
Red Hat
https://access.redhat.com/errata/RHSA-2017:1484
Red Hat
https://access.redhat.com/errata/RHSA-2017:1485
Red Hat
https://access.redhat.com/errata/RHSA-2017:1486
Red Hat
https://access.redhat.com/errata/RHSA-2017:1487
Red Hat
https://access.redhat.com/errata/RHSA-2017:1488
Red Hat
https://access.redhat.com/errata/RHSA-2017:1489
Red Hat
https://access.redhat.com/errata/RHSA-2017:1490
Red Hat
https://access.redhat.com/errata/RHSA-2017:1491
Red Hat
https://access.redhat.com/errata/RHSA-2017:1567
Red Hat
https://access.redhat.com/errata/RHSA-2017:1616
Red Hat
https://access.redhat.com/errata/RHSA-2017:1647
Red Hat
https://access.redhat.com/errata/RHSA-2017:1712
Red Hat
https://access.redhat.com/security/cve/CVE-2017-1000364

Third Party Advisory VDB Entry
Kc
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
Kc
https://kc.mcafee.com/corporate/index?page=content&id=SB10207
Support
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
Exploit-DB
https://www.exploit-db.com/exploits/45625/
Qualys
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Third Party Advisory
SUSE
https://www.suse.com/security/cve/CVE-2017-1000364/

Third Party Advisory
SUSE
https://www.suse.com/support/kb/doc/?id=7020973

Third Party Advisory

Details

CVE ID CVE-2017-1000364

Severity High

CVSS score 7.4 / 10

CVSS version 3.0

Published 2017-06-19

Modified 2026-05-13

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2017-1000364?

CVE-2017-1000364 is a High severity Linux kernel vulnerability with a CVSS score of 7.4 out of 10 , classified as a Buffer Overflow flaw (CWE-119) . CVE-2017-1000364 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2017-1000364?

CVE-2017-1000364 has a CVSS score of 7.4 out of 10, rated High severity (CVSS 3.0). The vector string is CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2017-1000364?

No patch is currently available for CVE-2017-1000364. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2017-1000364 actively exploited?

No — CVE-2017-1000364 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Buffer Overflow (CWE-119)?

The product performs operations on a memory buffer but reads or writes outside its intended boundaries. View CWE-119 on MITRE CWE →