PT-2019-4349 · Linux+2 · Linux+2
Jason A. Donenfeld
+1
·
Published
2019-09-26
·
Updated
2023-01-20
·
CVE-2019-18198
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux versions prior to 5.3.4
Description
A local attacker can exploit a reference count usage error in the
fib6 rule suppress() function in the fib6 suppression feature of the net/ipv6/fib6 rules.c file, when handling the FIB LOOKUP NOREF flag, to corrupt memory. This issue is related to the lack of resource release after its expiration, which can allow an attacker to cause memory damage.Recommendations
For versions prior to 5.3.4, update to version 5.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the
fib6 rule suppress() function until a patch is available.Exploit
Fix
Missing Release of Resource after Effective Lifetime
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linux
Ubuntu