← back
CVE-2017-9150

CVE-2017-9150

EPSS 1.3%
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42048/unverifiedexploitdbwww.exploit-db.com/exploits/42048unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07https://bugs.chromium.org/p/project-zero/issues/detail?id=1251https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07https://source.android.com/security/bulletin/2017-09-01https://www.exploit-db.com/exploits/42048/http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1http://www.securityfocus.com/bid/98635