CVE-2017-2616
MEDIUM4.7EPSS 0.06%shadow - security update
Published: 7/27/2018Modified: 4/28/2026
Description
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
Affected packages (4)
- Debian/coreutilsfrom 0, < 8.20-1
- Debian/shadowfrom 0, < 1:4.4-4
- Debian/shadowfrom 0, < 1:4.1.5.1-1+deb7u1
- Debian/util-linuxfrom 0, < 2.29.2-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.7 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |