Linux : Security Vulnerabilities, CVEs, Published In October 2017 (Information Leak)
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-17
Updated
2018-01-13
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-04
Updated
2018-08-24
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
Max CVSS
5.5
EPSS Score
0.04%
Published
2017-10-02
Updated
2017-10-06
3 vulnerabilities found