PT-2019-1108 · Linux+3 · Linux Kernel+3

Timothy Michaud

·

Publicado

2019-02-18

·

Atualizado

2023-04-11

·

CVE-2018-20669

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.19.13
Description: A local attacker can exploit an issue in the i915 gem execbuffer2 ioctl function where a provided address with access ok() is not checked, allowing for a malicious IOCTL function call to overwrite arbitrary kernel memory. This can result in a Denial of Service or privilege escalation. The issue is due to a missing validation of a userspace pointer in i915 gem execbuffer2 ioctl of i915 gem execbuffer.c, which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Recommendations: For Linux kernel versions through 4.19.13, consider upgrading to a version that includes the fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2019-1506
ALT-PU-2019-1548
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2368
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2020-3454
ALT-PU-2021-1531
ALT-PU-2021-1840
ASB-A-135368228
CVE-2018-20669
OPENSUSE-SU-2019:0203-1
OPENSUSE-SU-2019_0203-1
OPENSUSE-SU-2020:2193-1
OPENSUSE-SU-2020_2193-1
SUSE-SU-2019:0765-1
SUSE-SU-2019:0767-1
SUSE-SU-2019:0784-1
SUSE-SU-2019:0785-1
SUSE-SU-2019_0767-1
SUSE-SU-2020:3766-1
SUSE-SU-2020:3798-1
SUSE-SU-2021:0097-1
SUSE-SU-2021:0098-1
SUSE-SU-2021:0118-1
SUSE-SU-2021:0133-1
USN-4485-1

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu