The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
3.13.0-157.2074.4.0-1016.164.4.0-119.143~14.04.14.4.0-119.1434.4.0-1054.634.13.0-1005.74.13.0-1002.54.13.0-32.35~16.04.14.4.0-1020.254.4.0-1086.94Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:NCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N