CVE-2017-9150

Published: 22/05/2017 Updated: 09/09/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The do_check function in kernel/bpf/verifier.c in the Linux kernel prior to 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.

Vulnerable Product

linux linux kernel

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls ...

Exploits

/* Source: bugs.chromium.org/p/project-zero/issues/detail?id=1251 When the eBPF verifier (kernel/bpf/verifier.c) runs in verbose mode, it dumps all processed instructions to a user-accessible buffer in human-readable form using print_bpf_insn(). For instructions with class BPF_LD and mode BPF_IMM, it prints the raw 32-bit value: } else ...