CVE-2017-1000410 — Sensitive Information Exposure in Kernel
Severity
7.5HIGHNVD
CNA8.0OSV8.0
EPSS
1.9%
top 16.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 7
Latest updateMay 14
Description
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages7 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.6, 7.4