Vulnerability identifier: #VU19387

Vulnerability risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13648

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the "arch/powerpc/kernel/signal_32.c" and "arch/powerpc/kernel/signal_64.c" files on the PowerPC platform, when hardware transactional memory is disabled. A local authenticated attacker can make a "sigreturn()" system call that sends a signal frame that sends a signal frame that submits malicious input to the targeted system and cause a denial of service condition.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.2 - 5.2.4, 4.19 - 4.19.62, 4.9 - 4.9.186, 4.4 - 4.4.186

---

External links
http://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=c7ce5fe9288c5692fa456a8...
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.187
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.187
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.5
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.63
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.135
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.187
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.187

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.