CVE & CISA-KEV Catalog

CVE-2017-1000371

HIGHEPSS 82th pctl
7.8
CVSS v3
NVD

Description

The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems.

How to fix

Remediation Available
linuxDebian
Fixed in:4.11.11-1CVE-2017-1000371
Fixed in:4.11.11-1CVE-2017-1000371
Fixed in:4.11.11-1CVE-2017-1000371
Fixed in:4.11.11-1CVE-2017-1000371

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

2.43%probability of exploitation in 30 days
82ndpercentile

Elevated risk: more likely to be exploited than 82% of all known CVEs.

References

Embed a live status badge for CVE-2017-1000371
CVE-2017-1000371 severity badge

Markdown

[![CVE-2017-1000371](https://tridentstack.com/cve/badge/CVE-2017-1000371.svg)](https://tridentstack.com/cve/CVE-2017-1000371)

HTML

<a href="https://tridentstack.com/cve/CVE-2017-1000371"><img src="https://tridentstack.com/cve/badge/CVE-2017-1000371.svg" alt="CVE-2017-1000371"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-05-13.