CVE-2017-9150
Published 2017-05-22

CVE-2017-9150: The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output…

Priority P4 (28) · medium · CVSS 3.0 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

EXPLOIT · EPSS 1.26% (66.0th percentile)
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.9.30-1 (bookworm) | linux 4.9.30-1 (bookworm) |
| android | — | — | |
| linux | linux_kernel | <= 4.10.9 | — |
| linux | linux_kernel | >= 0 < 4.9.30-1 | 4.9.30-1 |
| linux | linux_kernel | >= 0 < 4.9.30-1 | 4.9.30-1 |
| linux | linux_kernel | >= 0 < 4.9.30-1 | 4.9.30-1 |
| linux | linux_kernel | >= 0 < 4.9.30-1 | 4.9.30-1 |
| linux | linux_kernel | >= 0 < 4.4.0-87.110 | 4.4.0-87.110 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.5 | MEDIUM | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA
GHSA-hgxc-xf8h-8v3q: The do_check function in kernel/bpf/verifier
ghsa_unreviewed · 2022-05-17 · CVE-2017-9150 · MEDIUM · CWE-200

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
OSV
linux-aws, linux-gke vulnerabilities
osv · 2017-07-25 · CVSS 5.5 · CVE-2014-9900 · MEDIUM

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to
OSV
linux, linux-raspi2, linux-snapdragon vulnerabilities
osv · 2017-07-24 · CVSS 5.5 · CVE-2014-9900 · MEDIUM

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker
OSV
linux-lts-xenial vulnerabilities
osv · 2017-07-24 · CVSS 5.5 · CVE-2014-9900 · MEDIUM

USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive infor
OSV
linux-hwe vulnerabilities
osv · 2017-07-21 · CVSS 5.5 · MEDIUM

USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10.

Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350)

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially cr
OSV
CVE-2017-9150: The do_check function in kernel/bpf/verifier
osv · 2017-05-22 · CVSS 5.5 · CVE-2017-9150 · MEDIUM

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
Android
CVE-2017-9150: Linux kernel
vendor_android · 2017-09-01 · CVSS 5.5 · CVE-2017-9150 · MEDIUM

Android Security Bulletin 2017-09-01
CVE: CVE-2017-9150
Severity: HIGH
Type: ID
Component: Linux kernel
References: A-62199770
Upstream kernel
Ubuntu
Linux kernel (AWS, GKE) vulnerabilities
vendor_ubuntu · 2017-07-25 · CVSS 5.5 · CVE-2014-9900 · MEDIUM

Title: Linux kernel (AWS, GKE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did no
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu · 2017-07-24 · CVSS 5.5 · CVE-2014-9900 · MEDIUM

Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.

USN-3364-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsys
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2017-07-24 · CVSS 5.5 · CVE-2014-9900 · MEDIUM

Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem. A local attacker could use this to expose sensitive information. (CVE-2015-8944)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

Li Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu · 2017-07-21 · CVSS 5.5 · CVE-2015-1350 · MEDIUM

Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.

USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10.

Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350)

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2017-07-20 · CVSS 5.5 · CVE-2014-9900 · MEDIUM

Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.

It was discovered that the Linux kernel did not properly initialize a Wake-on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfilter subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9755)

Alexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu · 2017-06-29 · CVSS 7.8 · CVE-2017-1000363 · HIGH

Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.

USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.

Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read er
Red Hat
kernel: eBPF verifier log leaks lower half of map pointer
vendor_redhat · 2017-05-08 · CVSS 5.5 · CVE-2017-9150 · MEDIUM · CWE-200

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.

Statement: This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG2/realtime kernels.
Package: kernel (Red Hat Ente
Debian
CVE-2017-9150: linux - The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1...
vendor_debian · 2017 · CVSS 5.5 · CVE-2017-9150 · MEDIUM

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.

Scope: local
bookworm: resolved (fixed in 4.9.30-1)
bullseye: resolved (fixed in 4.9.30-1)
forky: resolved (fixed in 4.9.30-1)
sid: resolved (fixed in 4.9.30-1)
trixie: resolved (fixed in 4.9.30-1)
No detection rules found.
Bugzilla
CVE-2017-9150 kernel: eBPF verifier log leaks lower half of map pointer
bugzilla · 2017-05-23 · CVSS 5.5 · CVE-2017-9150 · MEDIUM

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive kernel information address information via crafted bpf system calls.

Upstream patch: https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07

External References: https://packetstormsecurity.com/files/142630/GS20170523000807.txt

Discussion: Created kernel tracking bugs for this issue. Affects: fedora-all [bug 1454648]

Statement: This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and
Bugzilla
CVE-2017-9150 kernel: eBPF verifier log leaks lower half of map pointer [fedora-all]
bugzilla · 2017-05-23 · CVSS 5.5 · CVE-2017-9150 · MEDIUM

This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.

For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.

NOTE: this issue affects multiple supported v
References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1
http://www.securityfocus.com/bid/98635
https://bugs.chromium.org/p/project-zero/issues/detail?id=1251
https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07
https://source.android.com/security/bulletin/2017-09-01
https://www.exploit-db.com/exploits/42048/