PT-2019-2625 · Linux+5 · Linux Kernel+5

Michael Ellerman

Published

2019-06-12

Updated

2022-04-18

CVE-2019-12817

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.1.15 for powerpc

Description The issue is related to a bug in the arch/powerpc/mm/mmu context book3s64.c component of the Linux kernel for powerpc systems. This bug allows unrelated processes to potentially read or write to each other's virtual memory under certain conditions, specifically when an mmap operation is performed above 512 TB. The vulnerability is caused by a buffer overflow in memory, which can be exploited to access or damage the memory content of other processes in the system using the mmap function.

Recommendations For Linux kernel versions prior to 5.1.15 for powerpc, update to version 5.1.15 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mmap function above 512 TB to minimize the risk of exploitation.

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALT-PU-2019-2141

ALT-PU-2019-2200

ALT-PU-2019-2201

ALT-PU-2019-2314

ALT-PU-2020-1198

ALT-PU-2020-1501

ALT-PU-2020-2410

ALT-PU-2020-2433

ALT-PU-2021-1870

BDU:2019-02507

CESA-2019_2703

CVE-2019-12817

DSA-4495-1

MGASA-2019-0314

OPENSUSE-SU-2019:1757-1

OPENSUSE-SU-2019_1757-1

RHSA-2019:2703

RHSA-2019_2703

SUSE-SU-2019:1744-1

SUSE-SU-2019:1765-1

SUSE-SU-2019:1769-1

SUSE-SU-2019:2069-1

SUSE-SU-2019:2430-1

SUSE-SU-2019_1765-1

SUSE-SU-2019_1769-1

USN-4031-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2019-2625 · Linux+5 · Linux Kernel+5

CVE-2019-12817

Weakness Enumeration

Related Identifiers

Affected Products

References · 639