CVE-2017-14954

Published: 02/10/2017 Updated: 06/10/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The waitid implementation in kernel/exit.c in the Linux kernel up to and including 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.

Vulnerable Product

linux linux kernel

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call ...

Github Repositories

LPE on linux kernel based on CVE-2017-14954, CVE-2017-18344, CVE-2017-5123

This repo contains an old poc that combines three CVEs (CVE-2017-14954, CVE-2017-18344, CVE-2017-5123). The poc is a Local Privilege Escalation for Linux Kernel 4.13 (tested on Ubuntu). The exploit uses an info leak (CVE-2017-14954) to bypass KASLR, an arbitrary read (CVE-2017-18344) to read the kernel memory looking for the struct cred for user with uid 1000 (non privileged) a