Published: 04/10/2017 Updated: 24/08/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 188

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel prior to 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several security issues were fixed in the Linux kernel ...

stack buffer overflow in the native Bluetooth stackA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other th ...

The sg_ioctl() function in 'drivers/scsi/sgc' in the Linux kernel, from version 412-rc1 to 414-rc2, allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for '/dev/sg0' ...

CWE-200 https://github.com/torvalds/linux/commit/3e0097499839e0fe3af380410eababe5a47c4cf9 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9 http://www.securityfocus.com/bid/101187 https://usn.ubuntu.com/3754-1/https://nvd.nist.gov https://usn.ubuntu.com/3469-2/

CVE-2017-14991

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect