Medium severity5.5NVD Advisory· Published Nov 27, 2017· Updated May 13, 2026

CVE-2017-16994

Description

The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <4.14.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdPatch
github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7cnvdPatch
bugs.chromium.org/p/project-zero/issues/detailnvdExploitIssue TrackingPatch
www.exploit-db.com/exploits/43178/nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/101969nvdThird Party AdvisoryVDB Entry
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2nvdRelease Notes
access.redhat.com/errata/RHSA-2018:0502nvd
usn.ubuntu.com/3617-1/nvd
usn.ubuntu.com/3617-2/nvd
usn.ubuntu.com/3617-3/nvd
usn.ubuntu.com/3619-1/nvd
usn.ubuntu.com/3619-2/nvd
usn.ubuntu.com/3632-1/nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000