PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-3301 Oracle CVE debrief

CVE-2017-3301 is a low-severity Oracle Solaris kernel vulnerability affecting Solaris 11.3 as identified in NVD data. The published description says an attacker with logon access to the infrastructure where Solaris executes can potentially cause unauthorized update, insert, or delete actions against some Solaris-accessible data, but successful exploitation requires human interaction from another person. The issue is tied to integrity impacts rather than confidentiality or availability loss.

Vendor: Oracle
Product: CVE-2017-3301
CVSS: LOW 3.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Oracle Solaris 11.3 administrators, especially teams managing systems where local logon access is available; security teams responsible for kernel-level hardening and integrity monitoring; and operators who rely on Solaris-hosted data that would be sensitive to unauthorized modification.

Technical summary

NVD maps this issue to Oracle Solaris 11.3 and classifies it with CVSS 3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (score 3.3). That means the reported attack path is local rather than remote, requires user interaction, and is limited to low integrity impact. The affected component is the Solaris kernel, and the public description does not provide exploit mechanics or a confirmed patch timeline in the supplied corpus.

Defensive priority

Routine: track as a low-severity integrity issue for Solaris 11.3, but prioritize faster if the affected hosts allow broad local access or process sensitive data.

Recommended defensive actions

  • Confirm whether any Oracle Solaris 11.3 systems are in scope using asset inventory and the NVD CPE mapping.
  • Review Oracle's January 2017 CPU advisory referenced by NVD for vendor remediation guidance.
  • Limit local logon access on Solaris systems to trusted administrative users only.
  • Apply least-privilege controls and monitor for unexpected integrity changes on Solaris-accessible data.
  • Follow normal patch-management and validation procedures for any Oracle Solaris updates addressing the issue.

Evidence notes

This debrief is based only on the supplied CVE description, NVD metadata, and the Oracle CPU January 2017 advisory reference listed in NVD. The corpus shows the affected version as Oracle Solaris 11.3, the component as the kernel, and the CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. No exploit code, proof-of-concept, or active-exploitation evidence was provided in the supplied sources.

Official resources

Published by CVE/NVD on 2017-01-27. The supplied corpus does not include a later disclosure date, exploit disclosure, or KEV listing.