PT-2019-1435 · Linux+5 · Linux Kernel+5

Published: 2017-03-17 · Updated: 2021-06-02 · CVE-2019-8980

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions through 4.20.11

Description

The issue is a memory leak in the kernel_read_file function in fs/exec.c of the Linux kernel. The leak occurs when vfs_read failures are handled, allowing attackers to cause a denial of service by consuming memory. The issue can be exploited by triggering vfs_read failures, potentially through specially crafted files.

Recommendations

For Linux kernel versions through 4.20.11, consider updating to a version that includes a fix for the memory leak in the kernel_read_file function to prevent denial of service attacks. As a temporary workaround, consider restricting access to sensitive files and implementing memory usage monitoring to minimize the risk of exploitation.

Exploit

Fix

DoS

Memory Leak

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1299
ALT-PU-2018-1557
ALT-PU-2019-1415
ALT-PU-2019-1436
ALT-PU-2019-1506
BDU:2019-00818
CESA-2020_1567
CESA-2020_1769
CVE-2019-8980
DLA-1771-1
OPENSUSE-SU-2019:1193-1
OPENSUSE-SU-2019_1193-1
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020_1567
RHSA-2020_1769
SUSE-SU-2019:0765-1
SUSE-SU-2019:0767-1
SUSE-SU-2019:0784-1
SUSE-SU-2019:0785-1
USN-3930-1
USN-3930-2
USN-3931-1
USN-3931-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu