Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-13305

Опубликовано: 08 июн. 2017
Источник: redhat
CVSS3: 5.5

Описание

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2018:067610.04.2018
Red Hat Enterprise Linux 7kernelFixedRHSA-2018:106210.04.2018
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2018:216510.07.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1581637kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-13305

CVSS3: 7.1
ubuntu
около 7 лет назад

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

nvd логотип

CVE-2017-13305

CVSS3: 7.1
nvd
около 7 лет назад

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

debian логотип

CVE-2017-13305

CVSS3: 7.1
debian
около 7 лет назад

A information disclosure vulnerability in the Upstream kernel encrypte ...

github логотип

GHSA-2fvp-7f4c-65qh

CVSS3: 7.1
github
около 3 лет назад

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

oracle-oval логотип

ELSA-2019-4619

oracle-oval
около 6 лет назад

ELSA-2019-4619: Unbreakable Enterprise kernel security update (IMPORTANT)

5.5 Medium

CVSS3