SB2018070212 - Integer overflow in Linux kernel
Published: July 2, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2018-12896)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.
Remediation
Install update from vendor's website.
References
- https://bugzilla.kernel.org/show_bug.cgi?id=200189
- https://github.com/lcytxw/bug_repro/tree/master/bug_200189
- https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://usn.ubuntu.com/3847-1/
- https://usn.ubuntu.com/3847-2/
- https://usn.ubuntu.com/3847-3/
- https://usn.ubuntu.com/3848-1/
- https://usn.ubuntu.com/3848-2/
- https://usn.ubuntu.com/3849-1/
- https://usn.ubuntu.com/3849-2/