PT-2018-6841 · Linux+5 · Linux Kernel+5

Andrey Konovalov · Published 2017-12-21 · Updated 2023-08-16 · CVE-2017-18344

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.14.8
Description: The issue arises from improper validation of the sigevent->sigev_notify field in the timer_create syscall implementation. This leads to out-of-bounds access when the show_timer function is called, such as when the /proc/$PID/timers file is read. As a result, userspace applications can read arbitrary kernel memory, but only on kernels built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE.
Recommendations: For Linux kernel versions prior to 4.14.8, update to version 4.14.8 or later to resolve the issue.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2819
ALT-PU-2018-1991
CESA-2018_3083
CVE-2017-18344
ELSA-2018-3083
ELSA-2018-4196
ELSA-2018-4211
ELSA-2018-4214
MGASA-2018-0062
MGASA-2018-0063
MGASA-2018-0064
OPENSUSE-SU-2018_2242-1
OPENSUSE-SU-2018_2404-1
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018:3459
RHSA-2018:3540
RHSA-2018:3586
RHSA-2018:3590
RHSA-2018:3591
RHSA-2018_3083
RHSA-2018_3096
SUSE-SU-2018:2222-1
SUSE-SU-2018:2223-1
SUSE-SU-2018:2328-1
SUSE-SU-2018:2344-1
SUSE-SU-2018:2344-2
SUSE-SU-2018:2374-1
SUSE-SU-2018:2387-1
SUSE-SU-2018:2391-1
SUSE-SU-2018:2413-1
SUSE-SU-2018:2416-1
SUSE-SU-2018:2472-1
SUSE-SU-2018:2474-1
SUSE-SU-2018:2596-1
SUSE-SU-2018_2222-1
SUSE-SU-2018_2223-1
SUSE-SU-2018_2328-1
SUSE-SU-2018_2344-1
SUSE-SU-2018_2344-2
SUSE-SU-2018_2374-1
SUSE-SU-2018_2387-1
SUSE-SU-2018_2391-1
SUSE-SU-2018_2416-1
SUSE-SU-2018_2472-1
SUSE-SU-2018_2474-1
SUSE-SU-2023:3333-1
SUSE-SU-2023_3333-1
USN-3742-1
USN-3742-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu