CVE-2017-5669

Impact:
Low
Public Date:
2017-01-20
CWE:
CWE-270
Bugzilla:
1427239: CVE-2017-5669 kernel: Shmat allows mmap null page protection bypass
The do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a certain rounding operation. This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call. This is possible by making crafted shmget and shmat system calls in a privileged context.

Find out more about CVE-2017-5669 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG-2 as the flaw can only be exploited by a privileged user.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 6.7
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Will not fix
Red Hat Enterprise Linux 7 kernel-rt Will not fix
Red Hat Enterprise Linux 7 kernel Will not fix
Red Hat Enterprise Linux 6 kernel Will not fix
Red Hat Enterprise Linux 5 kernel Will not fix

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.