CVE-2017-5669

Shmat syscall allows null-page protection bypass

Publish date

January 2017

Identifier

CVE-2017-5669

Manufacturer

Linux Foundation

Product

Linux

Patched

http://bugzilla.kernel.org/show_bug.cgi?id=192931

Authors

Gareth Evans

Description

The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5669

CBEST
CREST STAR
CHECK IT Health Check Service
CREST
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
Allianz für Cyber-Sicherheit