CVE-2017-11472 - OpenCVE

The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f
https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6
https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f
https://nvd.nist.gov/vuln/detail/CVE-2017-11472
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3754-1/
https://www.cve.org/CVERecord?id=CVE-2017-11472

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-20T04:00:00

Updated: 2024-08-05T18:12:39.871Z

Reserved: 2017-07-19T00:00:00

Link: CVE-2017-11472

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-07-20T04:29:00.283

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-11472

Redhat

Severity : Low

Publid Date: 2017-04-26T00:00:00Z

Links: CVE-2017-11472 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-24T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3619-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "USN-3754-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3754-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6"}, {"name": "USN-3619-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3619-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11472", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/"}, {"name": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f"}, {"name": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6", "refsource": "CONFIRM", "url": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6"}, {"name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:12:39.871Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3619-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "USN-3754-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3754-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6"}, {"name": "USN-3619-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3619-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11472", "datePublished": "2017-07-20T04:00:00", "dateReserved": "2017-07-19T00:00:00", "dateUpdated": "2024-08-05T18:12:39.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F52D90B6-7027-46F8-9696-3783E7F7A0B7", "versionEndIncluding": "4.11.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."}, {"lang": "es", "value": "La funci\u00f3n acpi_ns_terminate() en el archivo drivers/acpi/acpica/nsutils.c en el kernel de Linux anterior a versi\u00f3n 4.12, no limpia la cach\u00e9 operand y causa un volcado de pila del kernel, que permite a los usuarios locales obtener informaci\u00f3n confidencial de la memoria del kernel y omitir el mecanismo de protecci\u00f3n KASLR (en el kernel hasta versi\u00f3n 4.9) por medio de una tabla ACPI creada."}], "id": "CVE-2017-11472", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-20T04:29:00.283", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3619-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3619-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3754-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ACPI operand cache leak in acpi_ns_terminate()", "id": "1473214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473214"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.9", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-209", "details": ["The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", "The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump. A local users could obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."], "name": "CVE-2017-11472", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-11472\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11472"], "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 as the code with the flaw is not present in the products listed.", "threat_severity": "Low", "upstream_fix": "kernel 4.12"}