PT-2019-5609 · Linux+2 · Linux Kernel+2

Vasily Averin

Published

2019-02-15

Updated

2023-02-12

CVE-2019-10140

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions up to 3.10

Description A denial of service situation can be created by an attacker with local access via a NULL pointer dereference in the ovl posix acl create function in fs/overlayfs/dir.c. This allows attackers who can create directories on overlayfs to crash the kernel, resulting in a denial of service. The issue is related to errors in pointer dereferencing in the ovl posix acl create function.

Recommendations For Linux kernel versions up to 3.10, as a temporary workaround, consider restricting access to the ovl posix acl create function in fs/overlayfs/dir.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-476

Related Identifiers

BDU:2019-03209

BDU:2020-04693

CESA-2019_2029

CVE-2019-10140

RHSA-2019:2029

RHSA-2019:2043

RHSA-2019_2029

RHSA-2019_2043

Affected Products

Centos

Linux Kernel

Red Hat

PT-2019-5609 · Linux+2 · Linux Kernel+2

CVE-2019-10140

Weakness Enumeration

Related Identifiers

Affected Products

References · 28