Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

DoS Vulnerabilities Impact Linux Kernel

Two recently disclosed Linux kernel vulnerabilities that remain unpatched could be exploited for local denial-of-service (DoS).

The flaws, both which were made public last week, impact Linux kernel 4.19.2 and previous versions. Both represent NULL pointer deference bugs that can be exploited by local attackers and are considered Medium severity. 

Two recently disclosed Linux kernel vulnerabilities that remain unpatched could be exploited for local denial-of-service (DoS).

The flaws, both which were made public last week, impact Linux kernel 4.19.2 and previous versions. Both represent NULL pointer deference bugs that can be exploited by local attackers and are considered Medium severity. 

Tracked as CVE-2018-19406, the first issue was discovered in a Linux kernel function called kvm_pv_send_ipi, which is defined in arch/x86/kvm/lapic.c. The flaw is triggered when the Advanced Programmable Interrupt Controller (APIC) map does not initialize correctly. 

To exploit the security flaw, a local attacker can use crafted system calls to reach a situation where the apic map is uninitialized.

“The reason is that the apic map has not yet been initialized, the testcase triggers pv_send_ipi interface by vmcall which results in kvm->arch.apic_map is dereferenced,” Linux contributor Wanpeng Li reports.

A proposed patch attempts to address the vulnerability by “checking whether or not apic map is NULL and bailing out immediately if that is the case.”

The second vulnerability, which has been assigned CVE number CVE-2018-19407, impacts the vcpu_scan_ioapic function that is defined in arch/x86/kvm/x86.c. The bug is triggered when I/O Advanced Programmable Interrupt Controller (I/O APIC) does not initialize correctly. 

A local user looking to exploit the security flaw can use crafted system calls that reach a situation where ioapic is uninitialized.

Advertisement. Scroll to continue reading.

“The reason is that the testcase writes hyperv synic HV_X64_MSR_SINT6 msr and triggers scan ioapic logic to load synic vectors into EOI exit bitmap. However, irqchip is not initialized by this simple testcase, ioapic/apic objects should not be accessed,” Wanpeng Li explains

The proposed patch attempts to address the vulnerability by abandoning scan ioapic if ioapic hasn’t been yet initialized in kernel. 

Patches for these two bugs were made available in the unofficial Linux Kernel Mailing List (LKML) archive, but haven’t been pushed upstream. 

Related: Linux Kernel Vulnerability Affects Red Hat, CentOS, Debian

Related: Google Project Zero Discloses New Linux Kernel Flaw

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.