The vulnerability of the do_shmat function in the ipc/shm.c component of the Linux operating system’s kernel, which stems from insufficient validation of input data, allows a privileged user to circumvent existing security restrictions.

🗓️ 28 Dec 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

The do_shmat vulnerability in ipc/shm.c due to insufficient input validation enables bypass.

Reporter	Title	Published	Views	Family All 167
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM	17 Dec 201814:20	–	ibm
Amazon	Medium: kernel	6 Apr 201700:00	–	amazon
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2017-814)	18 Apr 201700:00	–	nessus
Tenable Nessus	Debian DLA-849-1 : linux security update	10 Mar 201700:00	–	nessus
Tenable Nessus	Debian DSA-3804-1 : linux - security update	9 Mar 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1056)	1 May 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1057)	1 May 201700:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1471)	13 May 201900:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1502)	13 May 201900:00	–	nessus
Tenable Nessus	Fedora 24 : kernel (2017-2e1f3694b2)	13 Mar 201700:00	–	nessus

Source	Link
debian	www.debian.org/security/2017/dsa-3804
securityfocus	www.securityfocus.com/bid/96754
securitytracker	www.securitytracker.com/id/1037918
ubuntu	www.ubuntu.com/usn/usn-3265-1
ubuntu	www.ubuntu.com/usn/usn-3265-2
ubuntu	www.ubuntu.com/usn/usn-3361-1
bugzilla	www.bugzilla.kernel.org/show_bug.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.omprussia.ru/bb4321
cve	www.cve.omprussia.ru/bb5322

18 Jun 2024 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 26.8

CVSS 37.8

EPSS0.00031

do_shmat function ipc shm file linux kernel insufficient input validation privileged user bypass security