CVE-2017-16994
N/A
N/A
Summary
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3619-2/
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1431
- https://usn.ubuntu.com/3617-3/
- https://www.exploit-db.com/exploits/43178/
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
- https://usn.ubuntu.com/3632-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c
- https://access.redhat.com/errata/RHSA-2018:0502
- https://usn.ubuntu.com/3617-2/
- https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c
- https://usn.ubuntu.com/3619-1/
- http://www.securityfocus.com/bid/101969
References
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3619-2/
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1431
- https://usn.ubuntu.com/3617-3/
- https://www.exploit-db.com/exploits/43178/
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
- https://usn.ubuntu.com/3632-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c
- https://access.redhat.com/errata/RHSA-2018:0502
- https://usn.ubuntu.com/3617-2/
- https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c
- https://usn.ubuntu.com/3619-1/
- http://www.securityfocus.com/bid/101969
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.