Vulnerabilities

CVE-2017-5550

by Fred · 06/02/2017

Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision.

Date published : 2017-02-06

http://www.securityfocus.com/bid/95716

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb

Similar

Tags: Cybersecurity Alert