VYPR
Medium severity5.5NVD Advisory· Published Oct 4, 2017· Updated Jun 17, 2026

CVE-2017-14991

CVE-2017-14991

Description

The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Linux/Kernel2 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <=4.13.3
    • (no CPE)range: <4.13.4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.