PT-2019-3454 · Linux+5 · Linux Kernel+5
Praveen Pandey
·
Publicado
2019-07-18
·
Atualizado
2021-05-28
·
CVE-2019-13648
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.2.1 on the powerpc platform
Description
The issue is related to an error in resource management when using the sigreturn() system call. A local user can cause a denial of service, leading to a TM Bad Thing exception and system crash, by sending a crafted signal frame via a sigreturn() system call. This affects the arch/powerpc/kernel/signal 32.c and arch/powerpc/kernel/signal 64.c files.
Recommendations
For Linux kernel versions prior to 5.2.1 on the powerpc platform:
As a temporary workaround, consider restricting the use of the sigreturn() system call until a patch is available.
Avoid using the sigreturn() system call with crafted signal frames to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu