#VU20854 Information disclosure in Linux kernel - CVE-2017-18549

 


Published: September 4, 2019


Vulnerability identifier: #VU20854
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-18549
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in the "drivers/scsi/aacraid/commctrl.c" file because the "aac_send_raw_srb" function does not fully initialize the reply structure. A local authenticated user can run an application that submits malicious input to the affected software and read sensitive information from stack memory.
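The bug class described above, shown as an added user-space example (not code from the advisory or from the aacraid driver): a reply structure that is only partly filled in carries stale bytes when the whole structure is copied out, and zeroing it first removes them. The `demo_reply` layout, the field values and the `STALE` marker are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout for illustration; not the aacraid driver's struct. */
struct demo_reply {
    uint32_t status;
    uint32_t srb_status;
    uint32_t scsi_status;
    uint32_t data_xfer_length;
    uint32_t sense_data_size;
    uint8_t  sense_data[30];
};

#define STALE 0xA5 /* constructed marker standing in for leftover stack bytes */

/* Fill the reply for a command that returned no sense data, then copy the
 * whole struct out, as a copy_to_user(dst, &reply, sizeof(reply)) would. */
void build_reply(struct demo_reply *r, uint8_t *out, int zero_first)
{
    if (zero_first)
        memset(r, 0, sizeof(*r)); /* hardened: clears unset fields and padding */
    r->status = 0;
    r->srb_status = 1;
    r->scsi_status = 0;
    r->data_xfer_length = 512;
    r->sense_data_size = 0;       /* sense_data[] is never written */
    memcpy(out, r, sizeof(*r));
}

/* Count marker bytes that reach the caller-visible buffer. */
size_t leaked_bytes(int zero_first)
{
    struct demo_reply slot;
    uint8_t out[sizeof(slot)];
    size_t i, n = 0;

    memset(&slot, STALE, sizeof(slot)); /* model stale data left on the stack */
    build_reply(&slot, out, zero_first);
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("partial init: %zu stale bytes copied out; zeroed first: %zu\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

When reviewing similar handlers, check that every structure copied to user space by `sizeof` is either zeroed before use or has all members and padding explicitly written.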





Remediation

Install updates from vendor's website.
