CVE-2017-18344
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
La implementación de llamada del sistema timer_create en kernel/time/posix-timers.c en el kernel de Linux en versiones anteriores a la 4.14.8 no valida correctamente el campo sigevent->sigev_notify, conduciendo a un acceso fuera de límites en la función show_timer (que se llama cuando se lee /proc/$PID/timers). Esto permite que las aplicaciones del espacio del usuario lean memoria del kernel arbitraria (en un kernel construido con CONFIG_POSIX_TIMERS y CONFIG_CHECKPOINT_RESTORE).
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-26 CVE Reserved
- 2018-07-26 CVE Published
- 2023-07-20 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (17)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104909 | Third Party Advisory | |
http://www.securitytracker.com/id/1041414 | Third Party Advisory | |
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/45175 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe | 2020-10-15 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:2948 | 2020-10-15 | |
https://access.redhat.com/errata/RHSA-2018:3083 | 2020-10-15 | |
https://access.redhat.com/errata/RHSA-2018:3096 | 2020-10-15 | |
https://access.redhat.com/errata/RHSA-2018:3459 | 2020-10-15 | |
https://access.redhat.com/errata/RHSA-2018:3540 | 2020-10-15 | |
https://access.redhat.com/errata/RHSA-2018:3586 | 2020-10-15 | |
https://access.redhat.com/errata/RHSA-2018:3590 | 2020-10-15 | |
https://access.redhat.com/errata/RHSA-2018:3591 | 2020-10-15 | |
https://usn.ubuntu.com/3742-1 | 2020-10-15 | |
https://usn.ubuntu.com/3742-2 | 2020-10-15 | |
https://access.redhat.com/security/cve/CVE-2017-18344 | 2018-11-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1610958 | 2018-11-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.14.8 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.8" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Redhat Search vendor "Redhat" | Mrg Realtime Search vendor "Redhat" for product "Mrg Realtime" | 2.0 Search vendor "Redhat" for product "Mrg Realtime" and version "2.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
|