|CVSS SCORE||5.5, (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)|
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the logic that controls access to the /proc/<pid>/stat file. Access is not properly restricted from unauthorized processes, which can result in disclosure of useful memory addresses. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges.
This vulnerability is being disclosed publicly without a patch in accordance with ZDI policies.
06/04/19 – ZDI provided the vulnerability report to the vendor