Early Access — Mondoo Vulnerability Intelligence is currently in preview.
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:NA:N5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N