Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-16994

Опубликовано: 15 нояб. 2017
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

The walk_hugetlb_range() function in 'mm/pagewalk.c' file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2, as a code with the flaw is not present in the products listed. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE in the "kernel-alt" packages.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected
Red Hat Enterprise Linux 7kernel-altFixedRHSA-2018:050213.03.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1518155kernel: mm/pagewalk.c: walk_hugetlb_range function mishandles holes in hugetlb ranges causing information leak

EPSS

Процентиль: 89%
0.048
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-16994

CVSS3: 5.5
ubuntu
больше 7 лет назад

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

nvd логотип

CVE-2017-16994

CVSS3: 5.5
nvd
больше 7 лет назад

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

debian логотип

CVE-2017-16994

CVSS3: 5.5
debian
больше 7 лет назад

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel b ...

github логотип

GHSA-3h5j-qwmx-f9m6

CVSS3: 5.5
github
около 3 лет назад

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

oracle-oval логотип

ELSA-2018-4108

oracle-oval
около 7 лет назад

ELSA-2018-4108: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 89%
0.048
Низкий

3.3 Low

CVSS3