Medium severity5.5NVD Advisory· Published May 22, 2017· Updated May 13, 2026

CVE-2017-9150

Description

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <=4.10.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatchThird Party Advisory
bugs.chromium.org/p/project-zero/issues/detailnvdIssue TrackingPatchThird Party Advisory
github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07nvdIssue TrackingPatchThird Party Advisory
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1nvdRelease NotesVendor Advisory
www.securityfocus.com/bid/98635nvd
source.android.com/security/bulletin/2017-09-01nvd
www.exploit-db.com/exploits/42048/nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000