Memory Access Vulnerability in Linux Kernel for PowerPC Systems
CVE-2019-12817

7HIGH

Key Information:

Vendor
Canonical
Status
Ubuntu Linux
Vendor
CVE Published:
25 June 2019

Summary

A vulnerability exists in the Linux kernel for PowerPC architectures prior to version 5.1.15, where unrelated processes could potentially access each other's virtual memory. This issue arises under certain conditions when utilizing mmap functions beyond the 512 TB boundary. Only specific PowerPC systems are impacted, which raises concerns about the security of process isolation, allowing for potential data breaches between processes.

References

https://usn.ubuntu.com/4031-1/
vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2019/06/24/5
mailing-listx_refsource_MLIST
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...
x_refsource_MISC

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.