The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 3.2.91 (excluding) |
Linux_kernel | Linux | 3.3 (including) | 3.10.107 (excluding) |
Linux_kernel | Linux | 3.11 (including) | 3.12.74 (excluding) |
Linux_kernel | Linux | 3.13 (including) | 3.16.46 (excluding) |
Linux_kernel | Linux | 3.17 (including) | 3.18.50 (excluding) |
Linux_kernel | Linux | 3.19 (including) | 4.1.41 (excluding) |
Linux_kernel | Linux | 4.2 (including) | 4.4.63 (excluding) |
Linux_kernel | Linux | 4.5 (including) | 4.9.24 (excluding) |
Linux_kernel | Linux | 4.10 (including) | 4.10.12 (excluding) |