PT-2019-2808 · Linux+5 · Linux Kernel+5
Published: 2019-04-11 · Updated: 2023-02-24 · CVE-2019-11487
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.1-rc5
Description
The issue is a reference count overflow in the Linux kernel: page->_refcount can overflow, which leads to use-after-free conditions. The overflow can occur when approximately 140 GiB of RAM is present, and it is associated with files such as fs/fuse/dev.c, fs/pipe.c, and others. It can be triggered by FUSE requests. Exploitation may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
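The following is an added illustration, not code from the kernel or from this advisory: a simplified userspace model of why a wrapped 32-bit reference count ends in use-after-free. All names (`model_page`, `get_unchecked`, `get_guarded`, `put_ref`) are hypothetical, and the saturating guard is one possible check chosen for the example, not the upstream patch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: refcount stands in for page->_refcount. */
struct model_page {
    int32_t  refcount;  /* 32-bit signed counter that can wrap */
    uint64_t holders;   /* references that really exist (ground truth) */
    bool     freed;
};

/* Unchecked get: the counter wraps modulo 2^32 (unsigned math avoids UB). */
static void get_unchecked(struct model_page *p, uint64_t n) {
    p->refcount = (int32_t)((uint32_t)p->refcount + (uint32_t)n);
    p->holders += n;
}

/* Guarded get (hypothetical): grant only references that fit below INT32_MAX. */
static uint64_t get_guarded(struct model_page *p, uint64_t n) {
    if (p->refcount <= 0)
        return 0;                       /* already zero or overflowed: refuse */
    uint64_t room = (uint64_t)(INT32_MAX - p->refcount);
    uint64_t granted = n < room ? n : room;
    p->refcount += (int32_t)granted;
    p->holders += granted;
    return granted;
}

/* Drop one reference; the page is released when the counter reaches zero. */
static void put_ref(struct model_page *p) {
    p->refcount = (int32_t)((uint32_t)p->refcount - 1u);
    p->holders--;
    if (p->refcount == 0)
        p->freed = true;
}

/* True when the page was freed while holders remain (use-after-free). */
static bool freed_while_in_use(bool guarded, uint64_t requests) {
    struct model_page p = { .refcount = 1, .holders = 1, .freed = false };
    if (guarded) get_guarded(&p, requests);
    else         get_unchecked(&p, requests);
    put_ref(&p);                        /* a single holder lets go */
    return p.freed && p.holders > 0;
}

int main(void) {
    printf("unchecked=%d guarded=%d\n", freed_while_in_use(false, UINT64_C(1) << 32),
           freed_while_in_use(true, UINT64_C(1) << 32));
    return 0;
}
```

In the unchecked case the counter returns to its starting value after 2^32 references, so the next release frees a page that is still referenced; the guarded variant stops granting references before the counter can wrap.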
Recommendations
For Linux kernel versions prior to 5.1-rc5, update to version 5.1-rc5 or later to resolve the issue. As a temporary workaround, consider restricting the amount of RAM available to prevent the reference count overflow. Additionally, restricting access to FUSE requests may help minimize the risk of exploitation until a patch is applied.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu