PT-2019-11594 · Linux+2 · Linux Kernel+2

Marian Rehak · Published 2019-05-22 · Updated 2019-10-09 · CVE-2019-10142

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.0.x up to, but excluding, 5.0.17
Description: A flaw in the Linux kernel's Freescale hypervisor manager implementation allows an attacker to crash the system, corrupt memory, or create other adverse security effects. The cause is incorrect validation and use of a parameter passed to an ioctl in the size calculations for the page size.
Recommendations: For Linux kernel versions 5.0.x up to, but excluding, 5.0.17, consider updating to version 5.0.17 or later to resolve the issue. As a temporary workaround, restrict access to the ioctl to minimize the risk of exploitation.
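The class of defect the description names, a caller-supplied length feeding a page-count and allocation-size calculation, shown as an added user-space illustration beside a checked version; this is not the kernel's code. The function names, the 32-bit arithmetic, `PAGE_SIZE` of 4096 and the `max_pages` cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096u /* assumed page size for this illustration */

/* Unchecked pattern: caller-supplied addr/count go straight into 32-bit
 * arithmetic. offset + count + PAGE_SIZE - 1 can wrap, so a huge request
 * yields a tiny page count and an undersized page table. */
uint32_t pages_unchecked(uint32_t addr, uint32_t count)
{
    uint32_t offset = addr & (PAGE_SIZE - 1);
    return (offset + count + PAGE_SIZE - 1) / PAGE_SIZE;
}

/* Checked pattern: reject empty requests, do the sum in 64 bits with an
 * explicit wrap test, cap the page count (max_pages is a policy limit
 * assumed here), and verify n * elem fits in size_t before use.
 * Returns 0 on success, -1 if the request must be refused. */
int pages_checked(uint64_t addr, uint64_t count, size_t elem,
                  uint64_t max_pages, size_t *n_out, size_t *bytes_out)
{
    uint64_t offset = addr & (PAGE_SIZE - 1);
    if (count == 0 || count > UINT64_MAX - offset - (PAGE_SIZE - 1))
        return -1;
    uint64_t n = (offset + count + PAGE_SIZE - 1) / PAGE_SIZE;
    if (n > max_pages || elem == 0 || n > SIZE_MAX / elem)
        return -1;
    *n_out = (size_t)n;
    *bytes_out = (size_t)n * elem;
    return 0;
}

int main(void)
{
    /* Constructed input: unaligned address plus a length just under 4 GiB. */
    uint32_t addr = 0xFFFu, count = 0xFFFFF002u;
    size_t n = 0, bytes = 0;

    printf("unchecked page count: %u\n", (unsigned)pages_unchecked(addr, count));
    if (pages_checked(addr, count, sizeof(void *), 1u << 16, &n, &bytes) != 0)
        printf("checked: request refused\n");
    return 0;
}
```

With the constructed input the unchecked version reports a single page for a request of almost 4 GiB, which is the mismatch between allocation size and later use that leads to memory corruption.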

Exploit · Fix · Buffer Overflow · Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1892
ALT-PU-2019-1893
ALT-PU-2019-1896
ALT-PU-2019-2077
CVE-2019-10142
MGASA-2019-0185
MGASA-2019-0196
MGASA-2019-0197
USN-4076-1

Affected Products

Alt Linux
Linux Kernel
Ubuntu