Lucene search

Redhat.comRH:CVE-2017-18550

HistoryJan 10, 2020 - 3:48 a.m.

CVE-2017-18550

2020-01-1003:48:56

redhat.com

access.redhat.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

11.0%

JSON

A flaw was found in drivers/scsi/aacraid/commctrl.c in the Linux kernel, where there is potential exposure of kernel stack memory because the aac_get_hba_info function, does not initialize the hbainfo structure. An attacker with relevant permissions can issue ioctl to an aacraid device.

Mitigation

There is no known mitigation to this flaw, preventing users being able to issue an ioctl to this device by removing the relevant permissions to do so will limit the information exposure.

References

bugzilla.redhat.com/show_bug.cgi?id=1757375

nvd.nist.gov/vuln/detail/CVE-2017-18550

www.cve.org/CVERecord?id=CVE-2017-18550

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

11.0%

JSON

Related for RH:CVE-2017-18550