readykernel-patch-63.3-56.0-3.vl7
- Kernel Update Version: 3.10.0-862.9.1.vz7.63.3
- Release Date: 2022-03-02 08:28:02
CVE-2017-18344
Out-of-bounds access in show_timer() function.
The implementation of timer_create system call in the Linux kernel before 4.14.8 doesn't properly validate the sigevent::sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-18344
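
The class of check whose absence is described above, as an added user-space model (not kernel code and not part of this advisory): an allowlist applied when the notify mode is accepted, plus a bounds check where the mode is later used as a table index. The function names, the table and the sample inputs are hypothetical; the constants carry the same numeric values as the Linux SIGEV_* constants.

```c
#include <stdio.h>
#include <string.h>

/* Same numeric values as Linux's SIGEV_* constants, redefined locally. */
enum { EV_SIGNAL = 0, EV_NONE = 1, EV_THREAD = 2, EV_THREAD_ID = 4 };

/* Hypothetical label table: three entries, indexed by notify mode. */
static const char *const notify_names[] = {
    [EV_SIGNAL] = "signal",
    [EV_NONE]   = "none",
    [EV_THREAD] = "thread",
};
#define N_NAMES (sizeof(notify_names) / sizeof(notify_names[0]))

/* Creation-time check: accept only the exact notify modes that exist. */
int sigev_notify_valid(int notify)
{
    switch (notify) {
    case EV_NONE:
    case EV_SIGNAL:
    case EV_THREAD:
    case EV_SIGNAL | EV_THREAD_ID:
        return 1;
    default:
        return 0;   /* any other bit pattern is refused */
    }
}

/* Read-time lookup: bounds-check the index even if creation was strict. */
const char *notify_label(int notify)
{
    unsigned int idx = (unsigned int)notify & ~(unsigned int)EV_THREAD_ID;

    if (idx >= N_NAMES || notify_names[idx] == NULL)
        return "invalid";
    return notify_names[idx];
}

int main(void)
{
    /* Constructed sample inputs: four legal modes, three malformed ones. */
    const int samples[] = { 0, 1, 2, 4, 3, 0x100, -1 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("sigev_notify=%#x valid=%d label=%s\n", (unsigned int)samples[i],
               sigev_notify_valid(samples[i]), notify_label(samples[i]));
    return 0;
}
```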