Описание
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Release NotesVendor Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatch
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Release NotesVendor Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatch
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision.
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision.
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the ...
Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision.
Уязвимость операционной системы Linux, позволяющая нарушителю получить конфиденциальную информацию
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2