CVE-2017-13305
A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory.
Find out more about CVE-2017-13305 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
| CVSS3 Base Score | 5.5 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | None |
| Availability Impact | None |
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2018:1062 | 2018-04-10 |
| Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) | RHSA-2018:0676 | 2018-04-10 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) | RHSA-2018:2165 | 2018-07-10 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Will not fix |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected |
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |