CVE-2017-7889 Information

Feb 14, 2021 cve

Description

The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file related to arch/x86/mm/init.c and drivers/char/mem.c.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94 http://www.debian.org/security/2017/dsa-3945 http://www.openwall.com/lists/oss-security/2017/04/16/4 http://www.securityfocus.com/bid/97690 https://access.redhat.com/errata/RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2018:1854 https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94 https://usn.ubuntu.com/3583-1/ https://usn.ubuntu.com/3583-2/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8

Share on: