[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-14991

Date: (C)2017-10-04   (M)2017-10-17
 
CVSS Score: 2.1Access Vector: LOCAL
Exploitability Subscore: 3.9Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE











The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

Reference:
BID-101187
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4
https://github.com/torvalds/linux/commit/3e0097499839e0fe3af380410eababe5a47c4cf9

CWE    1
CWE-200

© 2013 SecPod Technologies