DEBIAN-CVE-2017-16994

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2017-16994

Published: 27 Nov 2017, 19:29

Last modified:28 Apr 2026, 20:17

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

3.0 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Nov 2017, 19:29

Published

Vulnerability first disclosed

28 Apr 2026, 20:17

Last Modified

Vulnerability information updated

Description

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

CVSS Metrics

v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Systems

debian•linux
< 4.14.2-1 | < 4.14.2-1 | < 4.14.2-1 | < 4.14.2-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2017-16994