CVE-2017-5967
Summary
| CVE | CVE-2017-5967 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2017-02-14 06:59:00 UTC |
|---|
| Updated | 2017-03-07 02:59:00 UTC |
|---|
| Description | The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Operating System |
Linux |
Linux Kernel |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| 193921 – /proc/timer_list leaks the real pids of the associated processes |
MISC |
bugzilla.kernel.org |
Issue Tracking |
| Linux Kernel CVE-2017-5967 Multiple Local Information Disclosure Vulnerabilities |
BID |
www.securityfocus.com |
|
| kernel/git/tip/tip.git - Unnamed repository; edit this file 'description' to name the repository. |
CONFIRM |
git.kernel.org |
Issue Tracking, Patch, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 198323 Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4904-1)
