Unintended Access to rusage Data Structures in Linux Kernel Allows Information Disclosure and KASLR Bypass

Unintended Access to rusage Data Structures in Linux Kernel Allows Information Disclosure and KASLR Bypass

CVE-2017-14954 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.