SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
When exploited, a local authenticated user may be able to modify some system files or information on an affected F5 system. However, the local authenticated user cannot control which file or information can be modified.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K17241.