VYPR
← All advisories
High severity7.4NVD Advisory· Published Jun 19, 2017· Updated May 13, 2026

CVE-2017-1000364

CVE-2017-1000364

Description

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Linux kernel's 4k stack guard page can be bypassed by adjacent memory regions, allowing privilege escalation.

Vulnerability

The Linux kernel up to version 4.11.5 contains a vulnerability in the stack guard page mechanism. The guard page, introduced in 2010, is only 4 kilobytes in size. This is insufficient to prevent a "stack clash" where the stack grows into an adjacent memory region (such as the heap or another mapping). An attacker can cause controlled memory corruption by triggering stack expansion that jumps over the guard page [1]. Affected versions are Linux kernel 4.11.5 and earlier [1].

Exploitation

An attacker needs the ability to control memory allocations and manipulate the stack layout, typically through a user-space process. By allocating memory adjacent to the stack and triggering deep recursion or large stack frames, the stack can bypass the 4k guard page and collide with the adjacent region [1]. This requires no special privileges beyond user-level access. The attacker can cause controlled corruption of the stack or the adjacent memory region [1][3].

Impact

Successful exploitation allows an attacker to overwrite memory on the process stack or an adjacent memory region, leading to arbitrary code execution. This can be used to escalate privileges from user to root or to crash the system [1][3][4]. The privilege level achieved is typically root or kernel-level access, depending on the targeted process [1][3].

Mitigation

Red Hat issued updates for Red Hat Enterprise Linux 6 and 7 that increase the stack guard gap size from one page (4k) to 1 MiB, making exploitation more difficult [2][3][4]. The fix was released in kernel version 3.10.0-514.21.2.el7 for RHEL 7 [2] and in corresponding updates for RHEL 6 [3][4]. Users should apply these kernel updates and reboot the system [3]. For other Linux distributions, mitigation may require updating to a kernel version with an increased guard gap. No workaround is available without a kernel update.

References
  1. https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
  2. https://access.redhat.com/errata/RHSA-2017:1484
  3. https://access.redhat.com/errata/RHSA-2017:1486
  4. https://access.redhat.com/errata/RHSA-2017:1485

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

127

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

25

News mentions

0

No linked articles in our index yet.