vulnerability

Ubuntu: USN-3246-1 (CVE-2017-6964): Eject vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Mar 27, 2017	Mar 28, 2017	Aug 18, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Mar 27, 2017

Added

Mar 28, 2017

Modified

Aug 18, 2025

Description

Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid
and setgid return values. A local attacker could use this issue to execute code
as an administrator.

Solution

ubuntu-upgrade-eject

References

CVE-2017-6964
https://attackerkb.com/topics/CVE-2017-6964
CWE-252
DEBIAN-DLA-876-1
DEBIAN-DSA-3823
NVD-CVE-2017-6964
UBUNTU-USN-3246-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today