CVE-2017-7889

HIGH

Linux Kernel < 3.2.91 - Incorrect Permission Assignment

Title source: rule
STIX 2.1

Description

The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3583-2/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2669
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1854
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3583-1/
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3945
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97690
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2077
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2017/04/16/4
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1842

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 8.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (4)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
debian/debian_linux 8.0
linux/linux_kernel < 3.2.91
Published Apr 17, 2017
Tracked Since Feb 18, 2026