DoS Vulnerabilities Found in Linux Kernel, Unpatched
#1
https://news.softpedia.com/news/dos-vuln...pd_related

Local attacks could trigger DoS state via crafted sys calls
Nov 23, 2018 21:26 GMT · By Sergiu Gatlan
Vulnerable Linux distros
Two denial-of-service (DoS) vulnerabilities found in the Linux Kernel by contributor Wanpeng Li could allow local attackers to exploit null pointer dereference bugs to trigger DoS conditions.

The first vulnerability, which received the CVE-2018-19406 ID in the Common Vulnerabilities and Exposures database, resides in the kvm_pv_send_ipi function of the Linux kernel, defined in the arch/x86/kvm/lapic.c file.

CVE-2018-19406 affects Linux kernel version up to 4.19.2, and it allows potential attackers with local access to the vulnerable machine to trigger a DoS state using specially crafted system calls that "reach a situation where the apic map is uninitialized."

Moreover, the issue is triggered because the Advanced Programmable Interrupt Controller (APIC) map fails to initialize correctly.

"The reason is that the apic map has not yet been initialized, the testcase triggers pv_send_ipi interface by vmcall which results in kvm->arch.apic_map is dereferenced," says Li in his advisory.

Public exploit code already available for CVE-2018-19407
The second vulnerability found by Li can also be exploited only by attackers that have physical access to the vulnerable Linux machine.

The issue got assigned the CVE-2018-19407 ID by the CVE database, and it is present in the kvm_pv_send_ipi kernel function that can be found in the arch/x86/kvm/lapic.c source code file.

Local attackers can exploit this issue by submitting maliciously crafted system calls to trigger a NULL pointer dereference condition because the I/O Advanced Programmable Interrupt Controller (I/O APIC) fails to initialize.

"The reason is that the testcase writes hyperv synic HV_X64_MSR_SINT6 msr and triggers scan ioapic logic to load synic vectors into EOI exit bitmap," according to Li's description of the issue. "However, irqchip is not initialized by this simple testcase, ioapic/apic objects should not be accessed."

Although public exploit code is already available for the CVE-2018-19407 security bug, there is no known way to mitigate the issue.
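Added example (not from the article or the kernel project): a small exposure check a host administrator could run, using the affected range the article gives for CVE-2018-19406 (kernel versions up to 4.19.2) and the fact that both bugs live in KVM, so a host with no KVM module loaded has no reachable hypercall path. The version threshold, module names and sample /proc/modules text are the only inputs; distro backports are invisible to a version-only check, so a "true" result means "review this host", not "confirmed vulnerable".

```python
import re
from typing import Optional, Tuple

# Upper bound of the affected range reported for CVE-2018-19406 ("up to 4.19.2").
LAST_AFFECTED = (4, 19, 2)

# Matches the upstream "major.minor[.patch]" prefix of a `uname -r` string.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(release: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a `uname -r` style string.

    Distro suffixes such as "-generic" or "-arch1-1-ARCH" are ignored and a
    missing patch level (e.g. "4.19") is treated as 0. Returns None if the
    string does not start with a version number.
    """
    m = _VERSION_RE.match(release.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or "0")


def version_in_affected_range(release: str) -> Optional[bool]:
    """True if the upstream version is <= 4.19.2, None if unparseable.

    A version-only check cannot see distro backports, so a True result is a
    prompt to check the distro's changelog for the fix, not proof of exposure.
    """
    parsed = parse_kernel_version(release)
    return None if parsed is None else parsed <= LAST_AFFECTED


def kvm_module_loaded(proc_modules_text: str) -> bool:
    """Look for the KVM modules in /proc/modules text (constructed sample in tests).

    Caveat: a kernel built with KVM compiled in (CONFIG_KVM=y) lists nothing here.
    """
    names = {line.split(" ", 1)[0] for line in proc_modules_text.splitlines() if line.strip()}
    return bool(names & {"kvm", "kvm_intel", "kvm_amd"})


def assess(release: str, proc_modules_text: str) -> str:
    """Combine the two signals into a one-line triage verdict."""
    affected = version_in_affected_range(release)
    if affected is None:
        return "unknown: could not parse kernel release"
    if not affected:
        return "not in reported affected range"
    if not kvm_module_loaded(proc_modules_text):
        return "version in range, but no KVM module listed (may be built in)"
    return "version in range and KVM loaded: review for backported fix"
```

Run it on a live host with `assess(platform.release(), open("/proc/modules").read())`.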