Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-16994

Date: November 27, 2017

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

Language: C

Severity Score

Related Resources (17)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c
https://nvd.nist.gov/vuln/detail/CVE-2017-16994
https://access.redhat.com/security/cve/CVE-2017-16994
https://access.redhat.com/errata/RHSA-2018:0502
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c
https://bugs.chromium.org/p/project-zero/issues/detail?id=1431
https://people.canonical.com/~ubuntu-security/cve/CVE-2017-16994
https://usn.ubuntu.com/3619-2/
https://www.exploit-db.com/exploits/43178/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3632-1/
http://www.securityfocus.com/bid/101969
https://www.mend.io/vulnerability-database/CVE-2017-16994

Severity Score

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us