PT-2017-13775 · Linux+2 · Linux Kernel+2

Published

2017-10-01

Updated

2018-07-09

CVE-2017-14954

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.13.4

Description The issue allows local users to obtain sensitive information and bypass the KASLR protection mechanism via a crafted system call, due to unintended access to rusage data structures in the waitid implementation.

Recommendations For Linux kernel versions through 4.13.4, update to a version that contains a fix for this issue to prevent local users from obtaining sensitive information and bypassing the KASLR protection mechanism.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2017-2378

ALT-PU-2018-1991

CVE-2017-14954

USN-3487-1

Affected Products

Alt Linux

Linux Kernel

Ubuntu

PT-2017-13775 · Linux+2 · Linux Kernel+2

CVE-2017-14954

Weakness Enumeration

Related Identifiers

Affected Products

References · 11