CVE 2017-14140
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
Related bugs and status
CVE-2017-14140 (Candidate) is related to these bugs:
Bug #1742772: powerpc: flush L1D on return to use
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1742772 | powerpc: flush L1D on return to use | linux (Ubuntu) | Undecided | Fix Released | ||
| 1742772 | powerpc: flush L1D on return to use | linux (Ubuntu Artful) | Undecided | Fix Released | ||
| 1742772 | powerpc: flush L1D on return to use | linux (Ubuntu Xenial) | Undecided | Fix Released | ||
| 1742772 | powerpc: flush L1D on return to use | linux (Ubuntu Trusty) | Medium | Fix Released | ||
Bug #1745338: upload urgency should be medium by default
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1745338 | upload urgency should be medium by default | linux (Ubuntu) | Medium | Fix Released | ||
| 1745338 | upload urgency should be medium by default | linux (Ubuntu Artful) | Medium | Fix Released | ||
| 1745338 | upload urgency should be medium by default | linux (Ubuntu Trusty) | Medium | Fix Released | ||
| 1745338 | upload urgency should be medium by default | linux (Ubuntu Precise) | Medium | Fix Released | ||
| 1745338 | upload urgency should be medium by default | linux (Ubuntu Xenial) | Medium | Fix Released | ||
Bug #1746900: linux: 3.13.0-142.191 -proposed tracker
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | linux (Ubuntu) | Undecided | Invalid | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | linux (Ubuntu Trusty) | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow automated-testing | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow certification-testing | Medium | Invalid | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow prepare-package | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow prepare-package-meta | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow prepare-package-signed | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow promote-to-proposed | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow promote-to-security | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow promote-to-updates | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow regression-testing | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow security-signoff | Medium | Fix Released | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow upload-to-ppa | Medium | Invalid | ||
| 1746900 | linux: 3.13.0-142.191 -proposed tracker | Kernel SRU Workflow verification-testing | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
