CME-106

SMAP (Supervisor Mode Access Prevention)

Description

CPU feature preventing the kernel from reading/writing userspace memory except through designated copy functions. Hardens kernel against data-only attacks using userspace-controlled structures.

CVSS Vector Impacts

Metric | Transition | Rationale
Attack Complexity (AC) | L → H | Kernel exploit cannot trivially read/write userspace-controlled data

CWE Relationships

Verification

Check CPU flags for smap support

$ grep -o smap /proc/cpuinfo | head -1
# Expected: smap
Platform: linux
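
A fuller version of the check above, as an added example that is not part of the original entry: it compares whole flag tokens on every logical CPU rather than stopping at the first match, and also looks for the `nosmap` boot parameter on the kernel command line. The function name `smap_status`, its output words and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report SMAP status from cpuinfo-style and cmdline-style files.
# smap_status [CPUINFO] [CMDLINE] prints enabled | partial | absent |
# disabled-by-cmdline | unknown and returns 0 only for "enabled".
smap_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    cmdline=${2:-/proc/cmdline}
    [ -r "$cpuinfo" ] || { echo unknown; return 2; }

    # "nosmap" on the kernel command line turns SMAP off on kernels that accept it.
    if [ -r "$cmdline" ] && grep -qw nosmap "$cmdline"; then
        echo disabled-by-cmdline
        return 1
    fi

    # One "flags" line per logical CPU; compare whole tokens, not substrings.
    counts=$(awk '/^flags/ { total++
                     for (i = 2; i <= NF; i++) if ($i == "smap") { hit++; break } }
                 END { printf "%d %d", total, hit }' "$cpuinfo")
    total=${counts% *}
    hit=${counts#* }

    if [ "$total" -gt 0 ] && [ "$hit" -eq "$total" ]; then
        echo enabled; return 0
    elif [ "$hit" -gt 0 ]; then
        echo partial; return 1
    fi
    echo absent; return 1
}

# Constructed sample inputs (not captured from a real machine).
SAMPLES=$(mktemp -d)
printf 'processor\t: 0\nflags\t\t: fpu smep smap\nprocessor\t: 1\nflags\t\t: fpu smep smap\n' > "$SAMPLES/all"
printf 'processor\t: 0\nflags\t\t: fpu smep smap\nprocessor\t: 1\nflags\t\t: fpu smep\n' > "$SAMPLES/mixed"
printf 'processor\t: 0\nflags\t\t: fpu smep\n' > "$SAMPLES/none"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$SAMPLES/cmdline"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nosmap\n' > "$SAMPLES/cmdline_off"

for f in all mixed none; do
    printf '%s: %s\n' "$f" "$(smap_status "$SAMPLES/$f" "$SAMPLES/cmdline")"
done
printf 'all+nosmap: %s\n' "$(smap_status "$SAMPLES/all" "$SAMPLES/cmdline_off")"
```

Called with no arguments, `smap_status` reads `/proc/cpuinfo` and `/proc/cmdline` on the running system.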