PT-2017-16795 · Linux+2 · Linux Kernel+2

Xing Gao · Published 2017-02-14 · Updated 2021-04-13 · CVE-2017-5967

CVSS v3.1: 4.0 Medium

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.9.10

Description

The issue allows local users to discover real PID values by reading the /proc/timer_list file. This is related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.

Recommendations

For Linux kernel versions prior to 4.9.10, update to version 4.9.10 or later to resolve the issue. As a temporary workaround, consider disabling the CONFIG_TIMER_STATS configuration option to minimize the risk of exploitation.
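
The two conditions in the recommendation (kernel older than 4.9.10, CONFIG_TIMER_STATS enabled) can be checked per host. The script below is an added example, not part of the advisory; the function names are hypothetical, the sample config is constructed, and the `/boot/config-<release>` path mentioned in its last comment is an assumption that varies by distribution.

```sh
#!/bin/sh
# Added example (not from the advisory): triage for CVE-2017-5967 using the
# advisory's two facts: fixed in 4.9.10, and dependent on CONFIG_TIMER_STATS.
# Function names are hypothetical. Distribution kernels may carry backported
# fixes, so treat the version test as a first-pass indicator.

# version_lt A B: succeed if kernel release A is older than B (x.y.z compare).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, /[^0-9]+/); split(b, y, /[^0-9]+/)
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# timer_stats_state FILE: print enabled, disabled or unknown for a kernel
# config file (plain text, or gzip-compressed such as /proc/config.gz).
timer_stats_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case $1 in *.gz) reader='gzip -dc' ;; *) reader=cat ;; esac
    if $reader "$1" | grep -q '^CONFIG_TIMER_STATS=y'; then
        echo enabled
    else
        echo disabled   # "# CONFIG_TIMER_STATS is not set" or option absent
    fi
}

# assess RELEASE CONFIG_FILE: print one verdict for the host.
assess() {
    if ! version_lt "$1" 4.9.10; then echo fixed-version; return 0; fi
    case $(timer_stats_state "$2") in
        enabled)  echo exposed ;;       # old kernel with the option built in
        disabled) echo mitigated ;;     # old kernel, workaround in effect
        *)        echo check-config ;;  # old kernel, config not readable
    esac
}

# Constructed sample: a pre-4.9.10 release string and a config with the option on.
sample=$(mktemp)
printf '%s\n' 'CONFIG_HZ=250' 'CONFIG_TIMER_STATS=y' > "$sample"
assess "4.4.0-21-generic" "$sample"
rm -f "$sample"
# On a live host (assumed path): assess "$(uname -r)" "/boot/config-$(uname -r)"
```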

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

ALT-PU-2017-1169
ALT-PU-2017-1330
CVE-2017-5967
USN-4904-1

Affected Products

Alt Linux
Linux Kernel
Ubuntu