Follow @discotekdotca
CVE-2017-16994
Current Description
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
Basic Data
| Published | November 27, 2017 |
|---|---|
| Last Modified | April 25, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-200 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| CVSS 2 - Access Vector | LOCAL |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | PARTIAL |
| CVSS 2 - Availability Impact | NONE |
| CVSS 2 - Base Score | 2.1 |
| Severity | LOW |
| Exploitability Score | 3.9 |
| Impact Score | 2.9 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
| CVSS 3 - Version | 3.0 |
|---|---|
| CVSS 3 - Vector String | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVSS 3 - Attack Vector | LOCAL |
| CVSS 3 - Attack Complexity | LOW |
| CVSS 3 - Privileges Required | LOW |
| CVSS 3 - User Interaction | NONE |
| CVSS 3 - Scope | UNCHANGED |
| CVSS 3 - Confidentiality Impact | HIGH |
| CVSS 3 - Integrity Impact | NONE |
| CVSS 3 - Availability Impact | NONE |
| CVSS 3 - Base Score | 5.5 |
| CVSS 3 - Base Severity | MEDIUM |
| Exploitability Score | 1.8 |
| Base Severity | MEDIUM |
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 OS Linux Linux Kernel * * * * * * * * � � � 4.14.2
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | * |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d412 | CONFIRM | Patch |
| http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2 | http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2 | CONFIRM | Release Notes |
| 101969 | http://www.securityfocus.com/bid/101969 | BID | Third Party Advisory VDB Entry |
| RHSA-2018:0502 | https://access.redhat.com/errata/RHSA-2018:0502 | REDHAT | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 | CONFIRM | Exploit Issue Tracking Patch |
| https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c | https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c | CONFIRM | Patch |
| USN-3617-1 | https://usn.ubuntu.com/3617-1/ | UBUNTU | |
| USN-3617-2 | https://usn.ubuntu.com/3617-2/ | UBUNTU | |
| USN-3617-3 | https://usn.ubuntu.com/3617-3/ | UBUNTU | |
| USN-3619-1 | https://usn.ubuntu.com/3619-1/ | UBUNTU | |
| USN-3619-2 | https://usn.ubuntu.com/3619-2/ | UBUNTU | |
| USN-3632-1 | https://usn.ubuntu.com/3632-1/ | UBUNTU | |
| 43178 | https://www.exploit-db.com/exploits/43178/ | EXPLOIT-DB | Exploit Third Party Advisory VDB Entry |