Linux : Security Vulnerabilities, CVEs, Published In October 2017 (Information Leak)

CVE-2017-15537

The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-17
Updated
2018-01-13

CVE-2017-14991

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-04
Updated
2018-08-24

CVE-2017-14954

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-02
Updated
2017-10-06
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close