PT-2019-1435 · Linux+5 · Linux Kernel+5

Publicado

2017-03-17

Atualizado

2021-06-02

CVE-2019-8980

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.20.11

Description The issue is related to a memory leak in the kernel read file function, specifically in the fs/exec.c file of the Linux kernel. This leak occurs when handling vfs read failures, allowing attackers to cause a denial of service by consuming memory. The exploitation of this issue can be achieved by triggering vfs read failures, potentially through specially crafted files.

Recommendations For Linux kernel versions through 4.20.11, consider updating to a version that includes a fix for the memory leak in the kernel read file function to prevent denial of service attacks. As a temporary workaround, consider restricting access to sensitive files and implementing memory usage monitoring to minimize the risk of exploitation.

Exploit

Correção

DoS

Memory Leak

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-401CWE-399

Identificadores relacionados

ALT-PU-2017-1299

ALT-PU-2018-1557

ALT-PU-2019-1415

ALT-PU-2019-1436

ALT-PU-2019-1506

BDU:2019-00818

CESA-2020_1567

CESA-2020_1769

CVE-2019-8980

DLA-1771-1

OPENSUSE-SU-2019:1193-1

OPENSUSE-SU-2019_1193-1

RHSA-2020:1567

RHSA-2020:1769

RHSA-2020_1567

RHSA-2020_1769

SUSE-SU-2019:0765-1

SUSE-SU-2019:0767-1

SUSE-SU-2019:0784-1

SUSE-SU-2019:0785-1

USN-3930-1

USN-3930-2

USN-3931-1

USN-3931-2

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2019-1435 · Linux+5 · Linux Kernel+5

CVE-2019-8980

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 335