Information disclosure in Linux kernel - CVE-2017-9150
Published: June 29, 2017 / Updated: July 4, 2017
Vulnerability identifier: #VU7249
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-9150
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to obtain sensitive information.
The weakness exists because the do_check function in kernel/bpf/verifier.c fails to make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function. A local attacker can use specially crafted bpf system calls to read arbitrary files on the target system.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-9150
Update to version 4.11.1.