The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-01T03:00:00Z
Updated: 2024-09-17T00:50:43.582Z
Reserved: 2017-09-30T00:00:00Z
Link: CVE-2017-14954
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2017-10-02T01:29:00.343
Modified: 2017-10-06T14:06:02.363
Link: CVE-2017-14954
Redhat