Bug 628916 (CVE-2017-13693, CVE-2017-13694, CVE-2017-13695)

Summary: kernel: through 4.12.9 local users bypass the KASLR protection (CVE-2017-{13693,13694,13695})
Product: Gentoo Security
Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: CONFIRMED ---
Severity: normal
CC: security-kernel
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2017-08-25 14:00:23 UTC
CVE-2017-13693 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13693):
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

CVE-2017-13694 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13694):
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

CVE-2017-13695 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13695):
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
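The three NVD entries above share one shape: an ACPICA cache is not flushed, the kernel emits a stack dump, and a local user who can read that dump gets kernel addresses that defeat KASLR. The script below is an added example (not part of this bug report, the kernel, or Gentoo's tooling) of the two things an administrator would check on a host: whether the running kernel version falls inside the "through 4.12.9" range the entries give, and whether kernel.dmesg_restrict is set so that unprivileged users cannot read the kernel log at all. All function names are mine; the 4.12.9 cut-off is taken from the entries above, which do not name a fixed release, and a version inside the range says nothing about whether a distribution kernel carries a backported fix. dmesg_restrict is a mitigation for the log-read path only, not a fix for the cache-flush bugs.

```shell
#!/bin/sh
# Added example: check a kernel version against the "through 4.12.9" range
# given for CVE-2017-13693/13694/13695 and check kernel.dmesg_restrict.
# Not from the Gentoo bug, the kernel tree, or any Gentoo tool.

# Last version the NVD entries list as affected (assumption: the entries give
# no fixed release, so only this upper bound is known from the page).
LAST_AFFECTED="4.12.9"

# Print "major minor patch" as integers for a version string such as
# "4.12.9-gentoo", "4.9.30-r1" or "4.12". Distribution suffixes after the
# first "-" are dropped; a missing part or a trailing "rc1" counts as 0/stripped.
kver_parts() {
    base=${1%%-*}
    maj=${base%%.*}; rest=${base#"$maj"}; rest=${rest#.}
    min=${rest%%.*}; rest=${rest#"$min"}; rest=${rest#.}
    pat=${rest%%.*}
    # keep only the leading digits of each part ("9rc1" -> "9"), empty -> 0
    maj=${maj%%[!0-9]*}; min=${min%%[!0-9]*}; pat=${pat%%[!0-9]*}
    echo "${maj:-0} ${min:-0} ${pat:-0}"
}

# Return 0 if version $1 <= version $2, comparing major, minor, patch in turn.
kver_le() {
    set -- $(kver_parts "$1") $(kver_parts "$2")
    if [ "$1" -lt "$4" ]; then return 0; fi
    if [ "$1" -gt "$4" ]; then return 1; fi
    if [ "$2" -lt "$5" ]; then return 0; fi
    if [ "$2" -gt "$5" ]; then return 1; fi
    if [ "$3" -le "$6" ]; then return 0; fi
    return 1
}

# Return 0 if kernel version $1 is inside the range the entries call affected.
kver_affected() {
    kver_le "$1" "$LAST_AFFECTED"
}

# The leak is a stack dump in the kernel log. With kernel.dmesg_restrict=1,
# reading the log (dmesg, /dev/kmsg) needs CAP_SYSLOG, so an unprivileged
# local user cannot collect the dump. Argument: the sysctl value.
# Return 0 if unprivileged users can read the kernel log.
kmsg_readable_by_unprivileged() {
    if [ "${1:-0}" -eq 0 ]; then return 0; fi
    return 1
}

# Report on the running host.
check_running_kernel() {
    v=$(uname -r)
    if kver_affected "$v"; then
        echo "kernel $v: inside the 'through 4.12.9' range given for CVE-2017-1369{3,4,5} (check for a backported fix)"
    else
        echo "kernel $v: newer than 4.12.9, outside the range the entries list"
    fi
    dr=$(sysctl -n kernel.dmesg_restrict 2>/dev/null || cat /proc/sys/kernel/dmesg_restrict 2>/dev/null || true)
    if [ -z "$dr" ]; then
        echo "kernel.dmesg_restrict: could not be read"
    elif kmsg_readable_by_unprivileged "$dr"; then
        echo "kernel.dmesg_restrict=$dr: unprivileged users can read stack dumps from the kernel log"
    else
        echo "kernel.dmesg_restrict=$dr: reading the kernel log needs CAP_SYSLOG"
    fi
}

check_running_kernel
```

Run it as plain `sh`; it only reads `uname -r` and the sysctl. The version compare deliberately ignores everything after the first "-" so that Gentoo's "-gentoo"/"-rN" and other vendors' suffixes do not break the numeric comparison.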