CVE-2017-5669

Shmat syscall allows null-page protection bypass

Publish date

January 2017

Identifier

CVE-2017-5669

Manufacturer

Linux Foundation

Product

Linux

Patched

http://bugzilla.kernel.org/show_bug.cgi?id=192931

Authors

Gareth Evans

Description

The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5669

 

CREST
CREST STAR
CHECK IT Health Check Service
CBEST
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor
NCSC CCSC - Assured Service Provider