PT-2017-1180 · Linux+2 · Linux Kernel+2
Alan J. Wylie
·
Publicado
2017-01-14
·
Atualizado
2017-07-21
·
CVE-2017-5550
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.9.5
Description
The issue is related to an error in the
pipe advance function in the Linux kernel, which can allow local users to obtain sensitive information from uninitialized heap-memory locations in certain circumstances. This can occur when reading from a pipe after an incorrect buffer-release decision. The estimated number of potentially affected devices worldwide is not specified.Recommendations
For Linux kernel versions prior to 4.9.5, update to version 4.9.5 or later to resolve the issue.
As a temporary workaround, consider restricting access to the
pipe advance function in the Linux kernel until a patch is available.Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Linux Kernel
Ubuntu