Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 628916 (CVE-2017-13693, CVE-2017-13694, CVE-2017-13695) - kernel: through 4.12.9 local users bypass the KASLR protection (CVE-2017-{13693,13694,13695})
Summary: kernel: through 4.12.9 local users bypass the KASLR protection (CVE-2017-{136...
Status: CONFIRMED
Alias: CVE-2017-13693, CVE-2017-13694, CVE-2017-13695
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-25 14:00 UTC by D'juan McDonald (domhnall)
Modified: 2017-09-08 22:17 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2017-08-25 14:00:23 UTC
CVE-2017-13693(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13693):
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

CVE-2017-13694(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13694):
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

CVE-2017-13695(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13695):
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.