Lucene search

PRIOn knowledge basePRION:CVE-2017-14991

HistoryOct 04, 2017 - 1:29 a.m.

Design/Logic Flaw

2017-10-0401:29:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

CPENameOperatorVersion
linux_kernelle4.13.3

CPE	Name	Operator	Version
	linux_kernel	le	4.13.3

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4

www.securityfocus.com/bid/101187

github.com/torvalds/linux/commit/3e0097499839e0fe3af380410eababe5a47c4cf9

usn.ubuntu.com/3754-1/