5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
Linux kernel that is built with CONFIG_POSIX_TIMERES
and CONFIG_CHECKPOINT_RESTORE
is vulnerable to information disclosure. An out-of-bounds access in the show_timer
function in the timer_create syscall
implementation in kernel/time/posix-timers.c
allows userspace applications to read arbitrary kernel memory containing confidential information. This is due to an improper validation of the sigevent->sigev_notify
field when /proc/$PID/timers
is read.
www.securityfocus.com/bid/104909
www.securitytracker.com/id/1041414
access.redhat.com/articles/3553061
access.redhat.com/articles/3674801
access.redhat.com/errata/RHSA-2018:2948
access.redhat.com/errata/RHSA-2018:3083
access.redhat.com/errata/RHSA-2018:3096
access.redhat.com/errata/RHSA-2018:3459
access.redhat.com/errata/RHSA-2018:3540
access.redhat.com/errata/RHSA-2018:3586
access.redhat.com/errata/RHSA-2018:3590
access.redhat.com/errata/RHSA-2018:3591
access.redhat.com/security/updates/classification/#important
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe
usn.ubuntu.com/3742-1/
usn.ubuntu.com/3742-2/
www.exploit-db.com/exploits/45175/
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N