The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
14 Feb 2023, 21:12
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Canonical Canonical ubuntu Linux Debian debian Linux |
|
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* |
|
References | (DEBIAN) http://www.debian.org/security/2017/dsa-3945 - Third Party Advisory | |
References | (CONFIRM) https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b8f254aa17f720053054c4ecff3920973a83b9d6 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:1842 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3583-2/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:1854 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:2669 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2017:2077 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3583-1/ - Third Party Advisory |
05 Jan 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. |
Information
Published : 2017-04-17 00:59
Updated : 2023-12-10 12:01
NVD link : CVE-2017-7889
Mitre link : CVE-2017-7889
CVE.ORG link : CVE-2017-7889
JSON object : View
Products Affected
canonical
- ubuntu_linux
linux
- linux_kernel
debian
- debian_linux
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource