arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 3.2.62 (excluding) |
Linux_kernel | Linux | 3.3 (including) | 3.4.101 (excluding) |
Linux_kernel | Linux | 3.5 (including) | 3.10.51 (excluding) |
Linux_kernel | Linux | 3.11 (including) | 3.12.27 (excluding) |
Linux_kernel | Linux | 3.13 (including) | 3.14.15 (excluding) |
Linux_kernel | Linux | 3.15 (including) | 3.15.8 (excluding) |