CVE-2017-18550

Опубликовано: 18 авг. 2019

Источник: redhat

CVSS3: 5.5

Описание

An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.

A flaw was found in drivers/scsi/aacraid/commctrl.c in the Linux kernel, where there is potential exposure of kernel stack memory because the aac_get_hba_info function, does not initialize the hbainfo structure. An attacker with relevant permissions can issue ioctl to an aacraid device.

Меры по смягчению последствий

There is no known mitigation to this flaw, preventing users being able to issue an ioctl to this device by removing the relevant permissions to do so will limit the information exposure.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Out of support scope
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1757375kernel: information exposure in drivers/scsi/aacraid/commctrl.c

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-18550

CVSS3: 5.5

ubuntu

больше 6 лет назад

CVE-2017-18550

CVSS3: 5.5

nvd

больше 6 лет назад

CVE-2017-18550

CVSS3: 5.5

debian

больше 6 лет назад

An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linu ...

GHSA-54wj-r2p9-8869

CVSS3: 5.5

github

больше 3 лет назад

5.5 Medium

CVSS3