UBUNTU-CVE-2017-14140

Description

The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Systems

• ubuntu•linux

  < 3.13.0-142.191 | < 4.4.0-97.120

• ubuntu•linux-aws

  < 4.4.0-1038.47

• ubuntu•linux-azure

  < 4.13.0-1005.7

• ubuntu•linux-azure-6.11

  all

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-gcp

  < 4.13.0-1002.5

• ubuntu•linux-gcp-6.11

  all

• ubuntu•linux-gke

  < 4.4.0-1032.32 | all

• ubuntu•linux-hwe

  < 4.13.0-32.35~16.04.1

• ubuntu•linux-hwe-6.11

  all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-kvm

  < 4.4.0-1008.13

• ubuntu•linux-lowlatency-hwe-6.11

  all

• ubuntu•linux-lts-xenial

  < 4.4.0-97.120~14.04.1

• ubuntu•linux-raspi-realtime

  all

• ubuntu•linux-raspi2

  < 4.4.0-1075.83 | all

• ubuntu•linux-realtime

  all

• ubuntu•linux-riscv

  all | all

• ubuntu•linux-snapdragon

  < 4.4.0-1077.82

References (9)

• https://ubuntu.com/security/CVE-2017-14140
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197e7e521384a23b9e585178f3f11c9fa08274b9
• http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9
• https://github.com/torvalds/linux/commit/197e7e521384a23b9e585178f3f11c9fa08274b9
• https://ubuntu.com/security/notices/USN-3444-1
• https://ubuntu.com/security/notices/USN-3444-2
• https://ubuntu.com/security/notices/USN-3583-1
• https://ubuntu.com/security/notices/USN-3583-2
• https://www.cve.org/CVERecord?id=CVE-2017-14140