CVE-2017-2616 MEDIUM

CVE-2017-2616

Vendor Linux
Product util-linux
Weakness CWE-267
Published July 27, 2018
Last update June 9, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

Key dates

02Disclosure timeline

July 27, 2018 CVE published
June 9, 2025 Record updated