SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAn issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (CVE-2018-17972)
BIG-IP and Traffix SDC
Local attackers can exploit this vulnerability to obtain sensitive information from the affected system.
BIG-IQ, Enterprise Manager, and F5 iWorkflow
There is no impact on theseF5 products; theyare not affected by this vulnerability.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K27673650.