CVE-2017-9150
Description
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.573
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel for Amazon Web Services (AWS) systems (USN-3364-3) linux-image-aws_4.4.0.1026.29_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3364-3) linux-image-gke_4.4.0.1022.24_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3364-3) linux-image-4.4.0-1022-gke_4.4.0-1022.22_amd64.deb | Linux |
| Linux kernel for Amazon Web Services (AWS) systems (USN-3364-3) linux-image-4.4.0-1026-aws_4.4.0-1026.35_amd64.deb | Linux |
| Linux hardware enablement kernel from Xenial for Trusty (USN-3364-2) linux-image-4.4.0-87-generic_4.4.0-87.110~14.04.1_i386.deb | Linux |
| Linux hardware enablement kernel from Xenial for Trusty (USN-3364-2) linux-image-4.4.0-87-generic_4.4.0-87.110~14.04.1_amd64.deb | Linux |
| Linux hardware enablement kernel from Xenial for Trusty (USN-3364-2) linux-image-4.4.0-87-lowlatency_4.4.0-87.110~14.04.1_i386.deb | Linux |
| Linux hardware enablement kernel from Xenial for Trusty (USN-3364-2) linux-image-4.4.0-87-lowlatency_4.4.0-87.110~14.04.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234