PT-2019-2808 · Linux+5 · Linux Kernel+5

Published: 2019-04-11
Updated: 2023-02-24

CVE-2019-11487

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.1-rc5

Description

The issue is a reference count overflow in the Linux kernel, specifically of page->_refcount, which can lead to use-after-free issues. It can occur when there is approximately 140 GiB of RAM, and it is associated with files such as fs/fuse/dev.c, fs/pipe.c, and others. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. It can be triggered by FUSE requests.

Recommendations

For Linux kernel versions prior to 5.1-rc5, update to version 5.1-rc5 or later to resolve the issue. As a temporary workaround, consider restricting the amount of RAM available to prevent the reference count overflow. Additionally, restricting who can issue FUSE requests may help minimize the risk of exploitation until a patch is applied.

Exploit

Fix

Use After Free

Weakness Enumeration

Related identifiers

ALT-PU-2019-1762
ALT-PU-2019-1765
ALT-PU-2019-1767
BDU:2019-02763
CESA-2019_2703
CESA-2019_2741
CESA-2020_0839
CESA-2020_4182
CVE-2019-11487
DLA-1919-1
DLA-1919-2
OPENSUSE-SU-2019:1571-1
OPENSUSE-SU-2019:1579-1
OPENSUSE-SU-2019_1570-1
OPENSUSE-SU-2019_1571-1
OPENSUSE-SU-2019_1579-1
RHSA-2019:2703
RHSA-2019:2741
RHSA-2019_2703
RHSA-2019_2741
RHSA-2020:0174
RHSA-2020:0834
RHSA-2020:0839
RHSA-2020:2851
RHSA-2020:3230
RHSA-2020:3266
RHSA-2020:4182
RHSA-2020_0834
RHSA-2020_0839
RHSA-2020_4182
SUSE-SU-2019:1529-1
SUSE-SU-2019:1530-1
SUSE-SU-2019:1535-1
SUSE-SU-2019:1536-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:1581-1
SUSE-SU-2019:1588-1
SUSE-SU-2019:1668-1
SUSE-SU-2019:1671-1
SUSE-SU-2019:1674-1
SUSE-SU-2019:1767-1
SUSE-SU-2019:1768-1
SUSE-SU-2019:1823-1
SUSE-SU-2019:1823-2
SUSE-SU-2019:1852-1
SUSE-SU-2019:1870-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2821-1
USN-4069-1
USN-4069-2
USN-4115-1
USN-4115-2
USN-4118-1
USN-4145-1

Affected products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu