#VU8650 Information disclosure in Linux kernel - CVE-2017-14954
Published: October 2, 2017 / Updated: October 2, 2017
Vulnerability identifier: #VU8650
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-14954
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to an error in waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4. A local user can accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
Remediation
Install update from GIT repository:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed97654...
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed97654...
External links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed97654...
- https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
- https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c
- https://twitter.com/_argp/status/914021130712870912
- https://twitter.com/grsecurity/status/914079864478666753