CVE-2017-14991

Sažetak

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4
http://www.securityfocus.com/bid/101187
https://github.com/torvalds/linux/commit/3e0097499839e0fe3af380410eababe5a47c4cf9
https://usn.ubuntu.com/3754-1/

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

24-08-2018 - 10:29

Objavljeno

04-10-2017 - 01:29