CVE-2017-16994

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2

http://www.securityfocus.com/bid/101969

https://access.redhat.com/errata/RHSA-2018:0502

https://bugs.chromium.org/p/project-zero/issues/detail?id=1431

https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c

https://usn.ubuntu.com/3617-1/

https://usn.ubuntu.com/3617-2/

https://usn.ubuntu.com/3617-3/

https://usn.ubuntu.com/3619-1/

https://usn.ubuntu.com/3619-2/

https://usn.ubuntu.com/3632-1/

https://www.exploit-db.com/exploits/43178/

Details

Source: MITRE

Published: 2017-11-27

Updated: 2018-04-25

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
124991EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1538)NessusHuawei Local Security Checks
critical
109828Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4108)NessusOracle Linux Local Security Checks
high
109316Ubuntu 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3632-1)NessusUbuntu Local Security Checks
high
108878Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)NessusUbuntu Local Security Checks
high
108842Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)NessusUbuntu Local Security Checks
high
108840Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)NessusUbuntu Local Security Checks
high
108835Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2)NessusUbuntu Local Security Checks
high
108834Ubuntu 17.10 : linux vulnerabilities (USN-3617-1)NessusUbuntu Local Security Checks
high
105930Fedora 27 : kernel (2017-92a0ae09aa)NessusFedora Local Security Checks
medium
105461SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3410-1)NessusSuSE Local Security Checks
high
105460SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3398-1)NessusSuSE Local Security Checks
high
105422Amazon Linux AMI : kernel (ALAS-2017-937) (Dirty COW)NessusAmazon Linux Local Security Checks
high
105364openSUSE Security Update : the Linux Kernel (openSUSE-2017-1391) (Dirty COW)NessusSuSE Local Security Checks
high
105344openSUSE Security Update : the Linux Kernel (openSUSE-2017-1390) (Dirty COW)NessusSuSE Local Security Checks
high
104979Fedora 25 : kernel (2017-905bb449bc)NessusFedora Local Security Checks
medium
104943Fedora 26 : kernel (2017-f9f3d80442)NessusFedora Local Security Checks
medium