PT-2019-4140 · Linux · Linux Kernel
Published 2019-03-01 · Updated 2025-12-26 · CVE-2019-15666
CVSS v2.0: 4.9 (Medium)
| Vector | AV:L/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.0.19
Description
The issue is an out-of-bounds array access in the xfrm_policy_unlink component of the Linux kernel, which can cause a denial of service. It is caused by the verify_newpolicy_info function in net/xfrm/xfrm_user.c mishandling directory validation. There have been reports of real-world incidents in which this issue was exploited, resulting in the compromise of several large computational clusters at supercomputer centres in the UK, Germany, Switzerland and Spain. The attackers exploited the vulnerability to gain root access and install malware for hidden cryptocurrency mining. The estimated number of potentially affected devices worldwide is not specified.
Recommendations
For Linux kernel versions prior to 5.0.19, update to version 5.0.19 or later to resolve the issue.
As a temporary workaround, consider restricting access to the xfrm_policy_unlink component until a patch is available.
Avoid using the verify_newpolicy_info function in the affected net/xfrm/xfrm_user.c file until the issue is resolved.
At the moment, there is no information about additional mitigation measures.
Fix
DoS
Out-of-bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE