CVE-2017-14954

MEDIUM

Linux Kernel < 4.13.4 - Unauthorized Sensitive Information Exposure via waitid System Call

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14954. PoCs published by echo-devim.

AI-analyzed exploit summary This repository contains a combined exploit for three Linux kernel CVEs (CVE-2017-14954, CVE-2017-18344, CVE-2017-5123) to achieve local privilege escalation on Linux Kernel 4.13. It leverages an info leak to bypass KASLR, arbitrary read to locate the `struct cred`, and a buggy `waitid` syscall to overwrite the UID.

Description

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.

Exploits (1)

nomisec WORKING POC 1 stars
by echo-devim · poc
https://github.com/echo-devim/exploit_linux_kernel4.13

This repository contains a combined exploit for three Linux kernel CVEs (CVE-2017-14954, CVE-2017-18344, CVE-2017-5123) to achieve local privilege escalation on Linux Kernel 4.13. It leverages an info leak to bypass KASLR, arbitrary read to locate the `struct cred`, and a buggy `waitid` syscall to overwrite the UID.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Linux Kernel 4.13 (tested on Ubuntu)
No auth needed
Prerequisites: Local access to a vulnerable Linux Kernel 4.13 system · Kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 5.5
EPSS 0.0102
EPSS Percentile 59.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
linux/linux_kernel < 4.13.4
Published Oct 02, 2017
Tracked Since Feb 18, 2026