PT-2019-1721 · Linux+5 · Linux Kernel+5

Jann Horn · Published 2019-02-07 · Updated 2024-06-15 · CVE-2019-6974

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.20.8

Description: The issue is caused by a race condition in the kvm ioctl create device function, leading to a use-after-free error. This can be exploited by a remote attacker to cause a denial of service. The problem is related to errors in synchronization when using a shared resource.

Recommendations: For Linux kernel versions prior to 4.20.8, update to version 4.20.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the kvm ioctl create device function to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Race Condition


Weakness Enumeration

Related identifiers

ALT-PU-2019-1231
ALT-PU-2019-1251
ALT-PU-2019-1252
ALT-PU-2019-1285
ALT-PU-2019-1286
BDU:2019-01346
CESA-2019_0818
CVE-2019-6974
DLA-1731-1
DLA-1731-2
DLA-1771-1
MGASA-2019-0097
MGASA-2019-0098
MGASA-2019-0171
OPENSUSE-SU-2019:0203-1
OPENSUSE-SU-2019_0203-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2019:0818
RHSA-2019:0833
RHSA-2019:2809
RHSA-2019:3967
RHSA-2019_0818
RHSA-2019_0833
RHSA-2020:0103
SUSE-SU-2019:0541-1
SUSE-SU-2019:0672-1
SUSE-SU-2019:0683-1
SUSE-SU-2019:0709-1
SUSE-SU-2019:0722-1
SUSE-SU-2019:0726-1
SUSE-SU-2019:0740-1
SUSE-SU-2019:0745-1
SUSE-SU-2019:0754-1
SUSE-SU-2019:0765-1
SUSE-SU-2019:0767-1
SUSE-SU-2019:0784-1
SUSE-SU-2019:0785-1
SUSE-SU-2019:0828-1
SUSE-SU-2019:0845-1
SUSE-SU-2019:0901-1
SUSE-SU-2019:1289-1
SUSE-SU-2019_0683-1
SUSE-SU-2019_0709-1
SUSE-SU-2019_0722-1
SUSE-SU-2019_0745-1
SUSE-SU-2019_0845-1
USN-3930-1
USN-3930-2
USN-3931-1
USN-3931-2
USN-3932-1
USN-3932-2
USN-3933-1
USN-3933-2

Affected products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu