Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-14954  

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.

Source
Severity Medium

Remote No

Type Information disclosure

Description 

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.

AVG-431 linux-lts 4.9.55-1 4.9.56-1 Medium Not affected

AVG-430 linux-hardened 4.13.4.a-1 4.13.5.a-1 Medium Fixed

AVG-429 linux-zen 4.13.4-1 4.13.5-1 Medium Fixed

AVG-428 linux 4.13.4-1 4.13.5-1 Medium Fixed 

https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c

Introduced in https://github.com/torvalds/linux/commit/7e95a225901a5d2fd140f14b4302805cecc22da7

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started