The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
4.4.0-1024.254.4.0-130.156~14.04.14.4.0-130.1564.4.0-1062.714.15.0-1023.24~16.04.14.15.0-1019.20~16.04.14.15.0-34.37~16.04.14.4.0-1029.344.4.0-1092.1004.4.0-1095.100Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:HI:NA:NCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N