Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-14991

Опубликовано: 15 сент. 2017
Источник: redhat
CVSS3: 5.5

Описание

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

The sg_ioctl() function in 'drivers/scsi/sg.c' in the Linux kernel, from version 4.12-rc1 to 4.14-rc2, allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for '/dev/sg0'.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2 as a code with the flaw is not present in the products listed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-456
https://bugzilla.redhat.com/show_bug.cgi?id=1500366kernel: Information leak in the scsi driver

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-14991

CVSS3: 5.5
ubuntu
больше 7 лет назад

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

nvd логотип

CVE-2017-14991

CVSS3: 5.5
nvd
больше 7 лет назад

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

debian логотип

CVE-2017-14991

CVSS3: 5.5
debian
больше 7 лет назад

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before ...

github логотип

GHSA-r79m-gm95-v29g

CVSS3: 5.5
github
около 3 лет назад

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

oracle-oval логотип

ELSA-2019-4823

oracle-oval
больше 5 лет назад

ELSA-2019-4823: Unbreakable Enterprise kernel security update (IMPORTANT)

5.5 Medium

CVSS3