CVE Vulnerabilities

CVE-2017-13694

Exposure of Sensitive Information to an Unauthorized Actor

Published: Aug 25, 2017 | Modified: Sep 20, 2017
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
3.3 MODERATE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Ubuntu

The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

Weakness

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * 4.12.9
Linux Ubuntu artful *
Linux Ubuntu cosmic *
Linux Ubuntu disco *
Linux Ubuntu eoan *
Linux Ubuntu esm-infra/xenial *
Linux Ubuntu groovy *
Linux Ubuntu hirsute *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu vivid/ubuntu-core *
Linux Ubuntu xenial *
Linux Ubuntu zesty *
Linux-aws Ubuntu cosmic *
Linux-aws Ubuntu disco *
Linux-aws Ubuntu eoan *
Linux-aws Ubuntu esm-infra/xenial *
Linux-aws Ubuntu groovy *
Linux-aws Ubuntu hirsute *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu trusty/esm *
Linux-aws Ubuntu xenial *
Linux-aws-5.0 Ubuntu bionic *
Linux-aws-5.11 Ubuntu focal *
Linux-aws-5.3 Ubuntu bionic *
Linux-aws-5.8 Ubuntu focal *
Linux-aws-hwe Ubuntu esm-infra/xenial *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu bionic *
Linux-azure Ubuntu cosmic *
Linux-azure Ubuntu disco *
Linux-azure Ubuntu eoan *
Linux-azure Ubuntu esm-infra/xenial *
Linux-azure Ubuntu groovy *
Linux-azure Ubuntu hirsute *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu trusty/esm *
Linux-azure Ubuntu xenial *
Linux-azure-5.11 Ubuntu focal *
Linux-azure-5.8 Ubuntu focal *
Linux-azure-edge Ubuntu bionic *
Linux-euclid Ubuntu xenial *
Linux-flo Ubuntu trusty *
Linux-flo Ubuntu xenial *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu cosmic *
Linux-gcp Ubuntu disco *
Linux-gcp Ubuntu eoan *
Linux-gcp Ubuntu esm-infra/xenial *
Linux-gcp Ubuntu groovy *
Linux-gcp Ubuntu hirsute *
Linux-gcp Ubuntu xenial *
Linux-gcp-5.11 Ubuntu focal *
Linux-gcp-5.3 Ubuntu bionic *
Linux-gcp-5.8 Ubuntu focal *
Linux-gcp-edge Ubuntu bionic *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-5.0 Ubuntu bionic *
Linux-gke-5.3 Ubuntu bionic *
Linux-goldfish Ubuntu trusty *
Linux-goldfish Ubuntu xenial *
Linux-goldfish Ubuntu zesty *
Linux-grouper Ubuntu trusty *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu esm-infra/xenial *
Linux-hwe Ubuntu xenial *
Linux-hwe-5.11 Ubuntu focal *
Linux-hwe-5.8 Ubuntu focal *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu xenial *
Linux-intel-5.13 Ubuntu focal *
Linux-kvm Ubuntu cosmic *
Linux-kvm Ubuntu disco *
Linux-kvm Ubuntu eoan *
Linux-kvm Ubuntu esm-infra/xenial *
Linux-kvm Ubuntu groovy *
Linux-kvm Ubuntu hirsute *
Linux-kvm Ubuntu xenial *
Linux-lts-quantal Ubuntu precise/esm *
Linux-lts-raring Ubuntu precise/esm *
Linux-lts-saucy Ubuntu precise/esm *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-vivid Ubuntu trusty *
Linux-lts-wily Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-maguro Ubuntu trusty *
Linux-mako Ubuntu trusty *
Linux-mako Ubuntu xenial *
Linux-manta Ubuntu trusty *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu cosmic *
Linux-oem Ubuntu disco *
Linux-oem Ubuntu eoan *
Linux-oem Ubuntu xenial *
Linux-oem-5.10 Ubuntu focal *
Linux-oem-5.6 Ubuntu focal *
Linux-oem-osp1 Ubuntu bionic *
Linux-oem-osp1 Ubuntu disco *
Linux-oem-osp1 Ubuntu eoan *
Linux-oracle Ubuntu cosmic *
Linux-oracle Ubuntu disco *
Linux-oracle Ubuntu eoan *
Linux-oracle Ubuntu esm-infra/xenial *
Linux-oracle Ubuntu groovy *
Linux-oracle Ubuntu hirsute *
Linux-oracle Ubuntu xenial *
Linux-oracle-5.0 Ubuntu bionic *
Linux-oracle-5.11 Ubuntu focal *
Linux-oracle-5.3 Ubuntu bionic *
Linux-oracle-5.8 Ubuntu focal *
Linux-raspi Ubuntu groovy *
Linux-raspi Ubuntu hirsute *
Linux-raspi2 Ubuntu artful *
Linux-raspi2 Ubuntu cosmic *
Linux-raspi2 Ubuntu disco *
Linux-raspi2 Ubuntu eoan *
Linux-raspi2 Ubuntu focal *
Linux-raspi2 Ubuntu vivid/ubuntu-core *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2 Ubuntu zesty *
Linux-raspi2-5.3 Ubuntu bionic *
Linux-riscv Ubuntu focal *
Linux-riscv Ubuntu groovy *
Linux-riscv Ubuntu hirsute *
Linux-riscv-5.11 Ubuntu focal *
Linux-riscv-5.8 Ubuntu focal *
Linux-snapdragon Ubuntu artful *
Linux-snapdragon Ubuntu disco *
Linux-snapdragon Ubuntu xenial *
Linux-snapdragon Ubuntu zesty *

Extended Description

There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker. Some kinds of sensitive information include:

Information might be sensitive to different parties, each of which may have their own expectations for whether the information should be protected. These parties include:

Information exposures can occur in different ways:

It is common practice to describe any loss of confidentiality as an “information exposure,” but this can lead to overuse of CWE-200 in CWE mapping. From the CWE perspective, loss of confidentiality is a technical impact that can arise from dozens of different weaknesses, such as insecure file permissions or out-of-bounds read. CWE-200 and its lower-level descendants are intended to cover the mistakes that occur in behaviors that explicitly manage, store, transfer, or cleanse sensitive information.

Potential Mitigations

  • Compartmentalize the system to have “safe” areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.

References