CVE-2017-18344

moderate-risk

Published 2018-07-26

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

Do I need to act?

11.9% chance of exploitation in next 30 days

EPSS score — higher than 88% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45175

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (15)

Linux Kernel

Ubuntu Linux

Mrg Realtime

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Affected Vendors

Redhat Linux Canonical

References (30)

Third Party Advisory http://www.securityfocus.com/bid/104909

Third Party Advisory http://www.securitytracker.com/id/1041414

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2948

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3083

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3096

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3459

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3540

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3586

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3590

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3591

Third Party Advisory https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8

Patch https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efb...

Third Party Advisory https://usn.ubuntu.com/3742-1/

Third Party Advisory https://usn.ubuntu.com/3742-2/

Exploit https://www.exploit-db.com/exploits/45175/

Third Party Advisory http://www.securityfocus.com/bid/104909

Third Party Advisory http://www.securitytracker.com/id/1041414

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2948

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3083

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3096

and 10 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 12/34 · Low

Exposure 18/34 · Moderate