CVE-2017-5967

NameCVE-2017-5967
DescriptionThe time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)wheezy3.2.78-1vulnerable
wheezy (security)3.2.86-1vulnerable
jessie3.16.39-1vulnerable
jessie (security)3.16.39-1+deb8u2vulnerable
stretch4.9.13-1fixed
sid4.9.16-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)4.9.13-1low

Notes

[jessie] - linux <no-dsa> (Upstream fix removes feature; not suitable for backporting)
[wheezy] - linux <no-dsa> (Upstream fix removes feature; not suitable for backporting)

Search for package or bug name: Reporting problems