Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-9150. PoCs published by Google Security Research.
AI-analyzed exploit summary: This exploit demonstrates an information leak vulnerability in the eBPF verifier of the Linux kernel. It leaks the lower half of a raw pointer to a map by using verbose mode during verification, which prints the raw 32-bit value of the pointer.
Description
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
Exploits (1)
References (7)
Scores
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N