Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Linux kernel mm子系统安全漏洞
Vulnerability Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。mm subsystem是其中的一个用于记录内存管理的工作原理的子系统。 Linux kernel 4.10.10及之前的版本中的mm子系统存在安全漏洞,该漏洞源于程序没有正确的强制执行CONFIG_STRICT_DEVMEM保护机制。本地攻击者可借助应用程序利用该漏洞读取和写入内核内存位置,并绕过slab-allocation访问限制。
CVSS Information
N/A
Vulnerability Type
N/A