DoS Vulnerabilities Impact Linux Kernel
November 26, 2018 / Ionut Arghire
Two recently disclosed Linux kernel vulnerabilities that remain unpatched could be exploited for local denial-of-service (DoS). The flaws, both which were made public last week, impact Linux kernel 4.19.2 and previous versions. Both represent NULL pointer deference bugs that can be exploited by local attackers and are considered Medium severity. Tracked as CVE-2018-19406, the first issue was discovered in a Linux kernel function called kvm_pv_send_ipi, which is defined in arch/x86/kvm/lapic.c. The flaw is triggered when the Advanced Programmable Interrupt Controller (APIC) map does not initialize correctly. To exploit the security flaw, a local attacker can use crafted system calls to reach a situation where the apic map is uninitialized. “The reason is that the apic map has not yet been initialized, the testcase triggers pv_send_ipi interface by vmcall which results in kvm->arch.apic_map is dereferenced,” Linux contributor Wanpeng Li reports.