CVE-2025-27021
The misconfiguration in the sudoers configuration of the operating system in
Infinera G42 version R6.1.3 allows low privileged OS users to
read/write physical memory via devmem command line tool.
This could
allow sensitive information disclosure, denial of service, and privilege
escalation by tampering with kernel memory.
Details: The output of "sudo -l" reports the presence of "devmem" command
executable as super user without using a password. This command allows
to read and write an arbitrary memory area of the target device,
specifying an absolute address.
Infinera G42 version R6.1.3 allows low privileged OS users to
read/write physical memory via devmem command line tool.
This could
allow sensitive information disclosure, denial of service, and privilege
escalation by tampering with kernel memory.
Details: The output of "sudo -l" reports the presence of "devmem" command
executable as super user without using a password. This command allows
to read and write an arbitrary memory area of the target device,
specifying an absolute address.
Vendor
Product
CWE
Yayın Tarihi
2025-07-02 09:15:25
Güncelleme
2026-02-11 21:37:46
Source Identifier
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
KEV Date Added
-