PT-2019-5609 · Linux+2 · Linux Kernel+2

Vasily Averin

Publicado

2019-02-15

Atualizado

2023-02-12

CVE-2019-10140

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions up to 3.10

Description A denial of service situation can be created by an attacker with local access via a NULL pointer dereference in the ovl posix acl create function in fs/overlayfs/dir.c. This allows attackers who can create directories on overlayfs to crash the kernel, resulting in a denial of service. The issue is related to errors in pointer dereferencing in the ovl posix acl create function.

Recommendations For Linux kernel versions up to 3.10, as a temporary workaround, consider restricting access to the ovl posix acl create function in fs/overlayfs/dir.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-476

Identificadores relacionados

BDU:2019-03209

BDU:2020-04693

CESA-2019_2029

CVE-2019-10140

RHSA-2019:2029

RHSA-2019:2043

RHSA-2019_2029

RHSA-2019_2043

Produtos afetados

Centos

Linux Kernel

Red Hat

PT-2019-5609 · Linux+2 · Linux Kernel+2

CVE-2019-10140

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 28