http://bugzilla.opensuse.org/show_bug.cgi?id=1034405

Bug ID: 1034405
Summary: VUL-0: CVE-2017-7889: kernel-source: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7889

===========================================
Description

The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.

Source: MITRE
Last Modified: 04/16/2017
===========================================

Hyperlink

[1] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4...
[2] http://www.openwall.com/lists/oss-security/2017/04/16/4
[3] https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc94640...
[4] https://security-tracker.debian.org/tracker/CVE-2017-7889