cpe:/o:debian:debian_linux:9.0 cpe:/o:linux:linux_kernel:4.14.8 CVE-2017-17864 2017-12-27T12:08:20.560-05:00 2018-01-12T21:29:13.473-05:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov BID 102320 SECTRACK 1040059 DEBIAN DSA-4073 UBUNTU USN-3523-2 MISC https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=stretch-security&id=ad775f6ff7eebb93eedc2f592bc974260e7757b0 MISC https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch?h=stretch-security kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."