Information disclosure in Linux kernel - CVE-2017-7616
Published: May 22, 2017
Vulnerability identifier: #VU6613
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7616
CWE-ID: CWE-388
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information from system memory
The weakness exists due to an error handling flaw in the set_mempolicy() and mbind compat() system calls in 'mm/mempolicy.c'. A local attacker can trigger a failure of a certain bitmap operation and obtain sensitive information from uninitialized stack data.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to an error handling flaw in the set_mempolicy() and mbind compat() system calls in 'mm/mempolicy.c'. A local attacker can trigger a failure of a certain bitmap operation and obtain sensitive information from uninitialized stack data.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-7616
Install update from vendor's website.