PT-2019-3454 · Linux+5 · Linux Kernel+5

Praveen Pandey · Published 2019-07-18 · Updated 2021-05-28 · CVE-2019-13648

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.2.1 on the powerpc platform

Description

The issue is a resource management error in the handling of the sigreturn() system call. A local user can cause a denial of service by sending a crafted signal frame via a sigreturn() system call, which leads to a TM Bad Thing exception and a system crash. This affects the arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c files.

Recommendations

For Linux kernel versions prior to 5.2.1 on the powerpc platform: As a temporary workaround, consider restricting the use of the sigreturn() system call until a patch is available. Avoid using the sigreturn() system call with crafted signal frames to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2339
ALT-PU-2019-2366
ALT-PU-2019-2382
ALT-PU-2019-2401
ALT-PU-2019-2465
ALT-PU-2019-2481
ALT-PU-2019-2488
ALT-PU-2019-2746
ALT-PU-2020-1025
ALT-PU-2020-1070
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-03627
CESA-2019_3517
CESA-2020_1016
CVE-2019-13648
DLA-1885-1
DSA-4495-1
DSA-4497-1
OPENSUSE-SU-2019:1923-1
OPENSUSE-SU-2019:1924-1
OPENSUSE-SU-2019_1923-1
OPENSUSE-SU-2019_1924-1
RHSA-2019:3517
RHSA-2019_3517
RHSA-2020:1016
RHSA-2020:3019
RHSA-2020_1016
SUSE-SU-2019:2068-1
SUSE-SU-2019:2069-1
SUSE-SU-2019:2070-1
SUSE-SU-2019:2071-1
SUSE-SU-2019:2072-1
SUSE-SU-2019:2073-1
SUSE-SU-2019:2262-1
SUSE-SU-2019:2263-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2450-1
USN-4114-1
USN-4115-1
USN-4115-2
USN-4116-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu