The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel prior to 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server tus 7.2 |
||
redhat enterprise linux server tus 7.4 |
||
redhat enterprise linux server aus 7.4 |
||
redhat enterprise linux server aus 7.2 |
||
redhat enterprise linux server eus 7.3 |
||
redhat enterprise linux server aus 7.3 |
||
redhat enterprise linux server tus 7.3 |
||
redhat mrg realtime 2.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux server eus 7.5 |
What else is gong on in infosec this week...
Roundup This week we took a close look at Google security keys, bid adieu to Facebook's head security honcho, and had a few email credentials overshared by Atlassian. Here's everything else that happened in infosec land this week beyond what we've already reported. Chipmaker TSMC – which supplies components for Apple, AMD, Nvidia, Qualcomm, Broadcom, and others – said its semiconductor fab tools were downed by a virus. The malware hit the Taiwanese manufacturing giant's systems on Friday nig...