CVE-2017-18344

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

References

http://www.securityfocus.com/bid/104909

http://www.securitytracker.com/id/1041414

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/errata/RHSA-2018:3096

https://access.redhat.com/errata/RHSA-2018:3459

https://access.redhat.com/errata/RHSA-2018:3540

https://access.redhat.com/errata/RHSA-2018:3586

https://access.redhat.com/errata/RHSA-2018:3590

https://access.redhat.com/errata/RHSA-2018:3591

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8

https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe

https://usn.ubuntu.com/3742-1/

https://usn.ubuntu.com/3742-2/

https://www.exploit-db.com/exploits/45175/

Details

Source: MITRE

Published: 2018-07-26

Updated: 2020-10-15

Type: CWE-125

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (37 total)

IDNameProductFamilySeverity
151461F5 Networks BIG-IP : Linux kernel vulnerability (K07020416)NessusF5 Networks Local Security Checks
medium
127233NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0049)NessusNewStart CGSL Local Security Checks
high
127222NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0044)NessusNewStart CGSL Local Security Checks
high
124980EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1527)NessusHuawei Local Security Checks
critical
124825EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1502)NessusHuawei Local Security Checks
high
123260openSUSE Security Update : the Linux Kernel (openSUSE-2019-597)NessusSuSE Local Security Checks
medium
120071SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2223-1)NessusSuSE Local Security Checks
medium
119565EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1406)NessusHuawei Local Security Checks
high
119187Scientific Linux Security Update : kernel on SL7.x x86_64 (20181030)NessusScientific Linux Local Security Checks
high
119112RHEL 6 : MRG (RHSA-2018:3586)NessusRed Hat Local Security Checks
high
119060EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1369)NessusHuawei Local Security Checks
medium
118990CentOS 7 : kernel (CESA-2018:3083)NessusCentOS Local Security Checks
high
118948RHEL 7 : kernel (RHSA-2018:3591)NessusRed Hat Local Security Checks
high
118947RHEL 7 : kernel (RHSA-2018:3590)NessusRed Hat Local Security Checks
high
118946RHEL 7 : kernel (RHSA-2018:3540)NessusRed Hat Local Security Checks
high
118785RHEL 7 : kernel (RHSA-2018:3459)NessusRed Hat Local Security Checks
medium
118770Oracle Linux 7 : kernel (ELSA-2018-3083)NessusOracle Linux Local Security Checks
high
118743EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1360)NessusHuawei Local Security Checks
high
118528RHEL 7 : kernel-rt (RHSA-2018:3096)NessusRed Hat Local Security Checks
high
118525RHEL 7 : kernel (RHSA-2018:3083)NessusRed Hat Local Security Checks
high
118513RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre)NessusRed Hat Local Security Checks
high
118283SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-2) (Foreshadow)NessusSuSE Local Security Checks
high
117513Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4214)NessusOracle Linux Local Security Checks
high
117446Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4211)NessusOracle Linux Local Security Checks
high
112016SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2416-1) (Foreshadow)NessusSuSE Local Security Checks
high
111997openSUSE Security Update : the Linux Kernel (openSUSE-2018-885) (Foreshadow)NessusSuSE Local Security Checks
high
111842SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2391-1) (Foreshadow)NessusSuSE Local Security Checks
high
111839SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2387-1) (Foreshadow)NessusSuSE Local Security Checks
high
111837SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2374-1) (Foreshadow)NessusSuSE Local Security Checks
high
111815SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-1) (Foreshadow)NessusSuSE Local Security Checks
high
111773OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0247) (Foreshadow)NessusOracleVM Local Security Checks
medium
111753Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3742-1) (Foreshadow)NessusUbuntu Local Security Checks
high
111746SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2328-1) (Foreshadow)NessusSuSE Local Security Checks
high
111726Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4196)NessusOracle Linux Local Security Checks
medium
111642Virtuozzo 7 : readykernel-patch (VZA-2018-052)NessusVirtuozzo Local Security Checks
medium
111590openSUSE Security Update : the Linux Kernel (openSUSE-2018-826)NessusSuSE Local Security Checks
high
111582Virtuozzo 7 : readykernel-patch (VZA-2018-050)NessusVirtuozzo Local Security Checks
medium