CVE-2017-9150
Advisory lineage Upstream: 0 Downstream: 8
Modified
Published: 22 May 2017, 22:00
Last modified: 05 Aug 2024, 16:55
Vulnerability Summary
- Overall Risk (default): medium, 32/100
- CVSS Score: 5.5 MEDIUM, v3.0 (nvd)
- EPSS Score: 0.51% LOW, 1% probability -0.07%
- KEV: Not listed
- Ransomware: No reports
- Public exploits: 1 found
- Dark Web: Not detected
Timeline
- 22 May 2017, 22:00: Published (vulnerability first disclosed)
- 05 Aug 2024, 16:55: Last Modified (vulnerability information updated)
Description
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
CVSS Metrics
- v3.0 • MEDIUM • Score: 5.5 • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- v2.0 • LOW • Score: 2.1 • AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.51% • Percentile: 67%
Techniques & Countermeasures
- CWE-200 • Exposure of Sensitive Information to an Unauthorized Actor
  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- linux • linux_kernel ≤ 4.10.9
References (7)
- https://www.exploit-db.com/exploits/42048/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07
- https://source.android.com/security/bulletin/2017-09-01
- https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07
- http://www.securityfocus.com/bid/98635
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1251
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1