CVE-2019-9213

Опубликовано: 27 фев. 2019

Источник: redhat

CVSS3: 5.5

Описание

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.

A flaw was found in mmap in the Linux kernel allowing the process to map a null page. This allows attackers to abuse this mechanism to turn null pointer dereferences into workable exploits.

Меры по смягчению последствий

Enabling selinux prevents the public exploit from working correctly.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Fixed	RHSA-2019:0831	23.04.2019
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2019:1480	17.06.2019
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2019:1479	17.06.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1686136kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms

5.5 Medium

CVSS3