CVE-2017-13695 - OpenCVE

The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/100497
https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5
https://nvd.nist.gov/vuln/detail/CVE-2017-13695
https://patchwork.kernel.org/patch/9850567/
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
https://usn.ubuntu.com/3762-1/
https://usn.ubuntu.com/3762-2/
https://www.cve.org/CVERecord?id=CVE-2017-13695

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-25T07:00:00

Updated: 2024-08-05T19:05:19.987Z

Reserved: 2017-08-25T00:00:00

Link: CVE-2017-13695

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-08-25T08:29:00.367

Modified: 2018-09-11T10:29:02.270

Link: CVE-2017-13695

Redhat

Severity : Moderate

Publid Date: 2017-07-19T00:00:00Z

Links: CVE-2017-13695 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-11T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3696-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3696-1/"}, {"name": "USN-3762-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3762-1/"}, {"name": "100497", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100497"}, {"name": "USN-3762-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3762-2/"}, {"name": "USN-3696-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3696-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5"}, {"tags": ["x_refsource_MISC"], "url": "https://patchwork.kernel.org/patch/9850567/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-13695", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3696-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3696-1/"}, {"name": "USN-3762-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3762-1/"}, {"name": "100497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100497"}, {"name": "USN-3762-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3762-2/"}, {"name": "USN-3696-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3696-2/"}, {"name": "https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5", "refsource": "MISC", "url": "https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5"}, {"name": "https://patchwork.kernel.org/patch/9850567/", "refsource": "MISC", "url": "https://patchwork.kernel.org/patch/9850567/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:05:19.987Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3696-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3696-1/"}, {"name": "USN-3762-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3762-1/"}, {"name": "100497", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100497"}, {"name": "USN-3762-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3762-2/"}, {"name": "USN-3696-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3696-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://patchwork.kernel.org/patch/9850567/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-13695", "datePublished": "2017-08-25T07:00:00", "dateReserved": "2017-08-25T00:00:00", "dateUpdated": "2024-08-05T19:05:19.987Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D79A22B9-3726-448A-BFE1-196A48099B17", "versionEndIncluding": "4.12.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."}, {"lang": "es", "value": "La funci\u00f3n acpi_ns_evaluate() en drivers/acpi/acpica/nseval.c en el kernel Linux en su versi\u00f3n 4.12.9 no vac\u00eda la cach\u00e9 operativa y provoca un volcado de pila de kernel, lo que permite que usuarios locales obtengan informaci\u00f3n sensible de la memoria del kernel y omitan el mecanismo de protecci\u00f3n KASLR (en la versi\u00f3n 4.9 del kernel) mediante una tabla ACPI manipulada."}], "id": "CVE-2017-13695", "lastModified": "2018-09-11T10:29:02.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-25T08:29:00.367", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100497"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchwork.kernel.org/patch/9850567/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3696-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3696-2/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3762-1/"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3762-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ACPI operand cache leak in nseval.c", "id": "1485349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485349"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", "A flaw was found in the Linux kernel's ACPI subsystem where a function does not flush the operand cache and causes a kernel stack dump. This allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism when using a specially crafted ACPI table."], "name": "CVE-2017-13695", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "acpica-tools", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-07-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-13695\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13695"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/\nThe Red Hat Security Response Team has rated this issue as having moderate security impact.\nThe risks associated with fixing this bug are greater than the moderate\nseverity security risk. We therefore currently have no plans to fix this flaw\nin Red Hat Enterprise Linux 5,6,7 and Red Hat Enterprise MRG.", "threat_severity": "Moderate"}