Uninitialized Kernel Memory Disclosure Vulnerability in Linux Kernel

CVE-2017-16994 · LOW Severity

CVSS v2 vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
