Security readout for executives and security teams
Plain-English summary
This is a local availability risk in Gentoo's SmokePing packaging. If an attacker already controls the smokeping user, they may cause other processes to be stopped when the SmokePing service is stopped. It is not described as remote unauthenticated compromise.
Executive priority
Handle during normal vulnerability remediation unless SmokePing runs on critical production hosts or the smokeping account is exposed. The main business risk is local service disruption, not data theft or remote takeover.
Technical view
Gentoo's SmokePing ebuild through smokeping-2.7.3-r1 used an initscript PID file writable by the smokeping user. Arbitrary PID values in that file can cause denial of service to arbitrary PIDs during service stop. The CVE maps to CWE-377 and CVSS 3.1 score 6.5.
Likely exposure
Exposure is most likely on Gentoo systems running the affected SmokePing ebuild through smokeping-2.7.3-r1. The source bundle's affected-product metadata is incomplete, so do not assume broader SmokePing exposure without vendor confirmation.
Exploitation context
The CVE requires low privileges as the smokeping user. The provided sources do not show CISA KEV listing or active exploitation evidence. Impact is availability only, but arbitrary process disruption could affect monitoring or adjacent services.
Researcher notes
Evidence supports a Gentoo packaging flaw, not necessarily an upstream SmokePing defect. The affected metadata in the bundle is sparse. Validate against Gentoo advisory and local package state before scoping enterprise exposure.
Mitigation direction
- Review Gentoo GLSA-202209-08 for vendor-directed remediation.
- Update affected Gentoo SmokePing packages according to Gentoo guidance.
- Limit access paths to the smokeping user account.
- Prioritize systems where SmokePing runs near critical services.
Validation and detection
- Inventory Gentoo hosts running SmokePing packages.
- Identify versions through smokeping-2.7.3-r1 as potentially affected.
- Check whether the SmokePing initscript PID file is writable by smokeping.
- Confirm remediation status against Gentoo GLSA-202209-08.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-377: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2017-20147 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Medium
- CVSS
- 6.5 (3.1)
- Known Exploited
- No
- Published
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H2.83.6Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
6.5MediumVector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source materials
- CVE List V5 sourceCVE List V5
- https://bugs.gentoo.org/631140CVE reference · x_refsource_MISC
- GLSA-202209-08CVE reference · vendor-advisory, x_refsource_GENTOO
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Insecure Temporary File
Insecure Temporary File represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
