Uninitialized Kernel Heap-Memory Information Disclosure Vulnerability

Uninitialized Kernel Heap-Memory Information Disclosure Vulnerability

CVE-2017-14991 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.