#VU21057 Resource management error in Linux kernel


Published: 2019-09-11

Vulnerability identifier: #VU21057

Vulnerability risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11487

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reference count overflow in page->_refcount that leads to a use-after-free error on systems with more than 140 GiB of RAM. A local user can send specially crafted FUSE requests that may lead to denial of service conditions.

The vulnerability is related to code in fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c files.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 5.1 rc1 - 5.1 rc4

External links
http://www.openwall.com/lists/oss-security/2019/04/29/1
http://www.securityfocus.com/bid/108054
http://bugs.chromium.org/p/project-zero/issues/detail?id=1752
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15fab63e1e57be9fdb5eec1bbc5916e9825e9acb
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=88b1a17dfc3ed7728316478fae0f5ad508f50397
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fde12ca79aff9b5ba951fce1a2641901b8d8e64
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f958d7b528b1b40c44cfda5eabe2d82760d868c3
http://github.com/torvalds/linux/commit/15fab63e1e57be9fdb5eec1bbc5916e9825e9acb
http://github.com/torvalds/linux/commit/6b3a707736301c2128ca85ce85fb13f60b5e350a
http://github.com/torvalds/linux/commit/88b1a17dfc3ed7728316478fae0f5ad508f50397
http://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64
http://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3
http://lwn.net/Articles/786044/
http://security.netapp.com/advisory/ntap-20190517-0005/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


CentOS 6 update for kernel
Red Hat Enterprise Linux 6 update for kernel
Red Hat Enterprise MRG 2 update for kernel-rt
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise Linux 7.6 Extended Update Support update for kernel
CentOS 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel-rt
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel-alt