PT-2017-15055 · Linux+3 · Linux Kernel+3

Jann Horn

Published

2017-12-23

Updated

2021-12-06

CVE-2017-17864

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.14.9

Description The issue allows local users to obtain potentially sensitive address information due to a "pointer leak" caused by mishandling states equal comparisons between the pointer data type and the UNKNOWN VALUE data type in kernel/bpf/verifier.c.

Recommendations For Linux kernel versions prior to 4.14.9, update to version 4.14.9 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2018-1016

ALT-PU-2018-1991

CVE-2017-17864

DSA-4073-1

MGASA-2018-0062

MGASA-2018-0063

MGASA-2018-0064

OPENSUSE-SU-2018_0408-1

SUSE-SU-2018:0383-1

SUSE-SU-2018:0416-1

SUSE-SU-2018:0482-1

SUSE-SU-2018:0986-1

SUSE-SU-2021:3935-1

USN-3523-1

USN-3523-2

USN-3523-3

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2017-15055 · Linux+3 · Linux Kernel+3

CVE-2017-17864

Weakness Enumeration

Related Identifiers

Affected Products

References · 370