Bug 628916 (CVE-2017-13693, CVE-2017-13694, CVE-2017-13695)

Summary:	kernel: through 4.12.9 local users bypass the KASLR protection (CVE-2017-{13693,13694,13695})
Product:	Gentoo Security	Reporter:	D'juan McDonald (domhnall) <flopwiki>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description D'juan McDonald (domhnall) 2017-08-25 14:00:23 UTC

CVE-2017-13693(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13693):
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

CVE-2017-13694(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13694):
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

CVE-2017-13695(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13695):
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.