Homepage

Information Exposure Affecting kernel-uek-doc package, versions <0:4.1.12-124.45.6.el7uek

Severity

 Recommended
high

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.11% (30th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Information Exposure vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-ORACLE7-KERNELUEKDOC-2579109
  • published10 Apr 2022
  • disclosed13 Jun 2017
Report a new vulnerability Found a mistake?

Introduced: 13 Jun 2017

CVE-2017-9605  (opens in a new tab)
CWE-200  (opens in a new tab)

How to fix?

Upgrade Oracle:7 kernel-uek-doc to version 0:4.1.12-124.45.6.el7uek or higher.
This issue was patched in ELSA-2020-5962.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-uek-doc package and not the kernel-uek-doc package as distributed by Oracle. See How to fix? for Oracle:7 relevant fixed versions and status.

The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.