CVE-2017-16994

medium

Description

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2

http://www.securityfocus.com/bid/101969

https://access.redhat.com/errata/RHSA-2018:0502

https://bugs.chromium.org/p/project-zero/issues/detail?id=1431

https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c

https://usn.ubuntu.com/3617-1/

https://usn.ubuntu.com/3617-2/

https://usn.ubuntu.com/3617-3/

https://usn.ubuntu.com/3619-1/

https://usn.ubuntu.com/3619-2/

https://usn.ubuntu.com/3632-1/

https://www.exploit-db.com/exploits/43178/

Details

Source: MITRE

Published: 2017-11-27

Updated: 2018-04-25

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM