Bugzilla – Bug 1061284
VUL-0: CVE-2017-14954: kernel-source: KASLR kernel/exit.c privilege escalation
Last modified: 2018-02-09 07:36:34 UTC
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4
accesses rusage data structures in unintended cases, which allows local users to
obtain sensitive information, and bypass the KASLR protection mechanism, via a
crafted system call.
The commit ce72a16fa705f960ca2352e95a7c5f4801475e75 is only found in 4.13, not backported to stable / older kernels, so this is only for TW.
Should be fixed through stable updates soon later, I suppose.
And it is. Bouncing back...
fixed upstream in newer kernels