CVE-2017-11472
Description
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
Risk Information
Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.066
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-3469-1) linux-image-aws_4.4.0.1054.56_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-kvm_4.4.0.1020.19_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-generic_4.4.0.119.125_i386.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-generic_4.4.0.119.125_amd64.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-lowlatency_4.4.0.119.125_i386.deb | Linux |
| Linux kernel (USN-3469-1) linux-image-lowlatency_4.4.0.119.125_amd64.deb | Linux |
| Linux kernel (USN-3220-1) linux-image-generic_4.4.0.119.125_i386.deb | Linux |
| Linux kernel (USN-3220-1) linux-image-generic_4.4.0.119.125_amd64.deb | Linux |
| Linux kernel (USN-3220-1) linux-image-lowlatency_4.4.0.119.125_i386.deb | Linux |
| Linux kernel (USN-3220-1) linux-image-lowlatency_4.4.0.119.125_amd64.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-1020-kvm_4.4.0-1020.25_amd64.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-1054-aws_4.4.0-1054.63_amd64.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-119-generic_4.4.0-119.143_i386.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-119-generic_4.4.0-119.143_amd64.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-119-lowlatency_4.4.0-119.143_i386.deb | Linux |
| Linux kernel (USN-3619-1) linux-image-4.4.0-119-lowlatency_4.4.0-119.143_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-aws_4.4.0.1016.16_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-1016-aws_4.4.0-1016.16_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-119-generic_4.4.0-119.143~14.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-119-generic_4.4.0-119.143~14.04.1_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-119-lowlatency_4.4.0-119.143~14.04.1_i386.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3619-2) linux-image-4.4.0-119-lowlatency_4.4.0-119.143~14.04.1_amd64.deb | Linux |
| Linux kernel (USN-3754-1) linux-image-3.13.0-157-generic_3.13.0-157.207_i386.deb | Linux |
| Linux kernel (USN-3754-1) linux-image-3.13.0-157-generic_3.13.0-157.207_amd64.deb | Linux |
| Linux kernel (USN-3754-1) linux-image-3.13.0-157-lowlatency_3.13.0-157.207_i386.deb | Linux |
| Linux kernel (USN-3754-1) linux-image-3.13.0-157-lowlatency_3.13.0-157.207_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234