| Summary: | kernel: in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | arthur, security-kernel |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Fix in 4.9.37, 4.13 onwards |
from ${URL}: The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. CVE Details:(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12146) Upstream Patch:(https://github.com/torvalds/linux/commit/6265539776a0810b7ce6398c27866ddb9c6bd154) ChangeLog:(http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.1) Daj Uan (jmbailey/mbailey_j) Gentoo Security Padawan