Home

CVE-2017-13695

Description

The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.011

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel for Amazon Web Services (AWS) systems (USN-3631-2) linux-image-generic-lts-xenial_4.4.0.130.110_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3631-2) linux-image-generic-lts-xenial_4.4.0.130.110_i386.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3631-2) linux-image-lowlatency-lts-xenial_4.4.0.130.110_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3631-2) linux-image-lowlatency-lts-xenial_4.4.0.130.110_i386.debLinux
Linux kernel (USN-3676-1) linux-image-aws_4.4.0.1062.64_amd64.debLinux
Linux kernel (USN-3676-1) linux-image-kvm_4.4.0.1029.28_amd64.debLinux
Linux kernel (USN-3676-1) linux-image-generic_4.4.0.130.136_amd64.debLinux
Linux kernel (USN-3676-1) linux-image-generic_4.4.0.130.136_i386.debLinux
Linux kernel (USN-3676-1) linux-image-lowlatency_4.4.0.130.136_amd64.debLinux
Linux kernel (USN-3676-1) linux-image-lowlatency_4.4.0.130.136_i386.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3676-2) linux-image-aws_4.4.0.1024.24_amd64.debLinux
Linux kernel (USN-3696-1) linux-image-aws_4.4.0.1062.64_amd64.debLinux
Linux kernel (USN-3696-1) linux-image-kvm_4.4.0.1029.28_amd64.debLinux
Linux kernel (USN-3696-1) linux-image-generic_4.4.0.130.136_i386.debLinux
Linux kernel (USN-3696-1) linux-image-generic_4.4.0.130.136_amd64.debLinux
Linux kernel (USN-3696-1) linux-image-lowlatency_4.4.0.130.136_i386.debLinux
Linux kernel (USN-3696-1) linux-image-lowlatency_4.4.0.130.136_amd64.debLinux
Linux kernel (USN-3696-1) linux-image-4.4.0-1029-kvm_4.4.0-1029.34_amd64.debLinux
Linux kernel (USN-3696-1) linux-image-4.4.0-1062-aws_4.4.0-1062.71_amd64.debLinux
Linux kernel (USN-3696-1) linux-image-4.4.0-130-generic_4.4.0-130.156_i386.debLinux
Linux kernel (USN-3696-1) linux-image-4.4.0-130-generic_4.4.0-130.156_amd64.debLinux
Linux kernel (USN-3696-1) linux-image-4.4.0-130-lowlatency_4.4.0-130.156_i386.debLinux
Linux kernel (USN-3696-1) linux-image-4.4.0-130-lowlatency_4.4.0-130.156_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3696-2) linux-image-aws_4.4.0.1024.24_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3696-2) linux-image-4.4.0-1024-aws_4.4.0-1024.25_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3696-2) linux-image-4.4.0-130-generic_4.4.0-130.156~14.04.1_i386.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3696-2) linux-image-4.4.0-130-generic_4.4.0-130.156~14.04.1_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3696-2) linux-image-4.4.0-130-lowlatency_4.4.0-130.156~14.04.1_i386.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3696-2) linux-image-4.4.0-130-lowlatency_4.4.0-130.156~14.04.1_amd64.debLinux
Linux kernel (USN-3740-1) linux-image-aws_4.15.0.1021.21_amd64.debLinux
Linux kernel (USN-3740-1) linux-image-gcp_4.15.0.1019.21_amd64.debLinux
Linux kernel (USN-3740-1) linux-image-gke_4.15.0.1019.21_amd64.debLinux
Linux kernel (USN-3740-1) linux-image-kvm_4.15.0.1021.21_amd64.debLinux
Linux kernel (USN-3740-1) linux-image-azure_4.15.0.1023.23_amd64.debLinux
Linux kernel (USN-3740-1) linux-image-azure-edge_4.15.0.1023.23_amd64.debLinux
Linux kernel (USN-3762-1) linux-image-4.15.0-1019-gcp_4.15.0-1019.20_amd64.debLinux
Linux kernel (USN-3762-1) linux-image-4.15.0-1021-aws_4.15.0-1021.21_amd64.debLinux
Linux kernel (USN-3762-1) linux-image-4.15.0-1021-kvm_4.15.0-1021.21_amd64.debLinux
Linux kernel (USN-3762-1) linux-image-4.15.0-1023-azure_4.15.0-1023.24_amd64.debLinux
Linux kernel (USN-3762-1) linux-image-4.15.0-34-generic_4.15.0-34.37_i386.debLinux
Linux kernel (USN-3762-1) linux-image-4.15.0-34-generic_4.15.0-34.37_amd64.debLinux
Linux kernel (USN-3762-1) linux-image-4.15.0-34-lowlatency_4.15.0-34.37_i386.debLinux
Linux kernel (USN-3762-1) linux-image-4.15.0-34-lowlatency_4.15.0-34.37_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-azure_4.15.0.1023.29_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-4.15.0-1019-gcp_4.15.0-1019.20~16.04.1_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-4.15.0-1023-azure_4.15.0-1023.24~16.04.1_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-4.15.0-34-generic_4.15.0-34.37~16.04.1_i386.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-4.15.0-34-generic_4.15.0-34.37~16.04.1_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-generic-hwe-16.04_4.15.0.34.56_i386.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-generic-hwe-16.04_4.15.0.34.56_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-4.15.0-34-lowlatency_4.15.0-34.37~16.04.1_i386.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-4.15.0-34-lowlatency_4.15.0-34.37~16.04.1_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-lowlatency-hwe-16.04_4.15.0.34.56_i386.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3762-2) linux-image-lowlatency-hwe-16.04_4.15.0.34.56_amd64.debLinux
Dtrace-modules-3.8.13-118.25.1.el6uek update (ELSA-2018-4245) dtrace-modules-3.8.13-118.25.1.el6uek-0.4.5-3.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-118.25.1.el7uek update (ELSA-2018-4245) dtrace-modules-3.8.13-118.25.1.el7uek-0.4.5-3.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234