Lucene search

Veracode Vulnerability DatabaseVERACODE:18251

HistoryMay 02, 2019 - 6:36 a.m.

Improper Access Control

2019-05-0206:36:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

Linux kernel is vulnerable to improper access control. The vulnerability exists because the mm subsystem in the Linux kernel does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. Local users could read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.

CPENameOperatorVersion
kernel-rteq3.10.0__229.rt56.162.el6rt
kernel-rteq3.0.36__rt57.66.el6rt
kernel-rteq3.10.0__327.rt56.198.el6rt
kernel-rteq3.10.0__229.rt56.153.el6rt
kernel-rteq3.0.9__rt26.46.el6rt
kernel-rteq3.10.0__327.rt56.195.el6rt
kernel-rteq3.10.0__514.rt56.231.el6rt
kernel-rteq3.8.13__rt14.20.el6rt
kernel-rteq3.10.0__327.rt56.197.el6rt
kernel-rteq3.10.0__514.rt56.210.el6rt

Name	Operator	Version
kernel-rt	eq	3.10.0__229.rt56.162.el6rt
kernel-rt	eq	3.0.36__rt57.66.el6rt
kernel-rt	eq	3.10.0__327.rt56.198.el6rt
kernel-rt	eq	3.10.0__229.rt56.153.el6rt
kernel-rt	eq	3.0.9__rt26.46.el6rt
kernel-rt	eq	3.10.0__327.rt56.195.el6rt
kernel-rt	eq	3.10.0__514.rt56.231.el6rt
kernel-rt	eq	3.8.13__rt14.20.el6rt
kernel-rt	eq	3.10.0__327.rt56.197.el6rt
kernel-rt	eq	3.10.0__514.rt56.210.el6rt

Rows per page:

1-10 of 3501

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94

www.debian.org/security/2017/dsa-3945

www.openwall.com/lists/oss-security/2017/04/16/4

www.securityfocus.com/bid/97690

access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html

access.redhat.com/errata/RHSA-2017:1842

access.redhat.com/errata/RHSA-2017:2077

access.redhat.com/errata/RHSA-2017:2669

access.redhat.com/errata/RHSA-2018:1854

access.redhat.com/security/cve/CVE-2016-10741

access.redhat.com/security/cve/CVE-2017-2584

access.redhat.com/security/cve/CVE-2017-5551

access.redhat.com/security/cve/CVE-2017-7495

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1377840

bugzilla.redhat.com/show_bug.cgi?id=1378172

bugzilla.redhat.com/show_bug.cgi?id=1389215

bugzilla.redhat.com/show_bug.cgi?id=1400188

bugzilla.redhat.com/show_bug.cgi?id=1414052

bugzilla.redhat.com/show_bug.cgi?id=1421801

bugzilla.redhat.com/show_bug.cgi?id=1421810

bugzilla.redhat.com/show_bug.cgi?id=1425780

bugzilla.redhat.com/show_bug.cgi?id=1426661

bugzilla.redhat.com/show_bug.cgi?id=1427626

bugzilla.redhat.com/show_bug.cgi?id=1427647

bugzilla.redhat.com/show_bug.cgi?id=1427991

bugzilla.redhat.com/show_bug.cgi?id=1428890

bugzilla.redhat.com/show_bug.cgi?id=1428943

bugzilla.redhat.com/show_bug.cgi?id=1429610

bugzilla.redhat.com/show_bug.cgi?id=1429640

bugzilla.redhat.com/show_bug.cgi?id=1429951

bugzilla.redhat.com/show_bug.cgi?id=1429977

bugzilla.redhat.com/show_bug.cgi?id=1430023

bugzilla.redhat.com/show_bug.cgi?id=1430038

bugzilla.redhat.com/show_bug.cgi?id=1430074

bugzilla.redhat.com/show_bug.cgi?id=1430353

bugzilla.redhat.com/show_bug.cgi?id=1430926

bugzilla.redhat.com/show_bug.cgi?id=1430946

bugzilla.redhat.com/show_bug.cgi?id=1431104

bugzilla.redhat.com/show_bug.cgi?id=1432118

bugzilla.redhat.com/show_bug.cgi?id=1434616

bugzilla.redhat.com/show_bug.cgi?id=1438512

bugzilla.redhat.com/show_bug.cgi?id=1441552

bugzilla.redhat.com/show_bug.cgi?id=1452240

bugzilla.redhat.com/show_bug.cgi?id=1459056

git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b8f254aa17f720053054c4ecff3920973a83b9d6

github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94

usn.ubuntu.com/3583-1/

usn.ubuntu.com/3583-2/

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for VERACODE:18251