Published: 24/02/2017 Updated: 09/10/2020

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The do_shmat function in ipc/shm.c in the Linux kernel up to and including 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
debian debian linux 8.0
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts CVE-2016-9588 Jim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine A local attacker ...

Possible double free in stcp_sendmsg() (incorrect fix for CVE-2017-5986): It was found that the code in net/sctp/socketc in the Linux kernel through 4101 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded ...

Several security issues were fixed in the Linux kernel ...

Several security issues were fixed in the kernel ...

The do_shmat function in ipc/shmc in the Linux kernel, through 4912, does not restrict the address calculated by a certain rounding operation This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call This is possible by making crafted shmget and shmat system calls ...

r151019 r151019 / Mar20 Date Subject Commit 20Mar2014 OS-2834 ship lx brand e8facfd99e91cf5fefa4291a3ba0b6a0710eea09 r151019 / Jun08 Date Subject Commit 20Mar2014 OS-2836 lx brand installer hardcodes /usr/sfw/bin/gtar ea8e5e6536094a59f04195b1aa255e96ac1bbc44 28Mar2014 OS-2863 lx brand need finer grained control over version 75c15d410d1e0a2763da7339ed8f40732c3

NVD-CWE-noinfo https://github.com/torvalds/linux/commit/e1d35d4dc7f089e6c9c080d556feedf9c706f0c7 https://bugzilla.kernel.org/show_bug.cgi?id=192931 http://www.securityfocus.com/bid/96754 http://www.securitytracker.com/id/1037918 http://www.debian.org/security/2017/dsa-3804 https://usn.ubuntu.com/3583-2/https://usn.ubuntu.com/3583-1/https://github.com/torvalds/linux/commit/95e91b831f87ac8e1f8ed50c14d709089b4e01b8 https://nvd.nist.gov https://github.com/omniosorg/lx-port-data https://www.debian.org/security/./dsa-3804 https://usn.ubuntu.com/3583-2/

CVE-2017-5669

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect