cbcvebase.
CVE-2017-16994
published 2017-11-27

CVE-2017-16994: The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain…

PriorityP430medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
EXPLOIT
EPSS
2.08%
79.2th percentile
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianlinux< linux 4.14.2-1 (bookworm)linux 4.14.2-1 (bookworm)
linuxlinux_kernel< 4.14.24.14.2
linuxlinux_kernel>= 0 < 4.14.2-14.14.2-1
linuxlinux_kernel>= 0 < 4.14.2-14.14.2-1
linuxlinux_kernel>= 0 < 4.14.2-14.14.2-1
linuxlinux_kernel>= 0 < 4.14.2-14.14.2-1
linuxlinux_kernel>= 0 < 4.4.0-119.1434.4.0-119.143

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv7.8HIGH
vendor_ubuntu7.8HIGH
vendor_debian5.5MEDIUM
vendor_redhat5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.