Back to search
CVE-2017-18344
Published: Jul 26, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2018:3540
vendor-advisory
x_refsource_REDHAT
RHSA-2018:3083
vendor-advisory
x_refsource_REDHAT
RHSA-2018:3591
vendor-advisory
x_refsource_REDHAT
RHSA-2018:3459
vendor-advisory
x_refsource_REDHAT
1041414
vdb-entry
x_refsource_SECTRACK
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
x_refsource_MISC
RHSA-2018:3590
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2948
vendor-advisory
x_refsource_REDHAT
USN-3742-2
vendor-advisory
x_refsource_UBUNTU
104909
vdb-entry
x_refsource_BID
USN-3742-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2018:3586
vendor-advisory
x_refsource_REDHAT
45175
exploit
x_refsource_EXPLOIT-DB
RHSA-2018:3096
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now