PT-2016-1585 · Linux+2 · Linux Kernel+2

Mark Seaborn

Published

2015-03-27

Updated

2017-02-17

CVE-2016-0823

CVSS v3.1

4.0

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.19.3

Description The issue is related to the pagemap open function in fs/proc/task mmu.c of the Linux kernel, which lacks protection of internal data. This can be exploited by a local attacker to gain access to sensitive information by reading the pagemap file. The exploitation allows local users to obtain sensitive physical-address information.

Recommendations For Linux kernel versions prior to 3.19.3, update to version 3.19.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the pagemap file to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2015-1326

ALT-PU-2015-1849

BDU:2016-00886

CVE-2016-0823

OPENSUSE-SU-2016_2625-1

SUSE-SU-2016:2976-1

SUSE-SU-2016:3069-1

SUSE-SU-2017:0333-1

SUSE-SU-2017:0494-1

Affected Products

Alt Linux

Linux Kernel

Suse

PT-2016-1585 · Linux+2 · Linux Kernel+2

CVE-2016-0823

Weakness Enumeration

Related Identifiers

Affected Products

References · 253