#VU21057 Resource management error in Linux kernel - CVE-2019-11487


Vulnerability identifier: #VU21057

Vulnerability risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-11487

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reference count overflow in page->_refcount that leads to a use-after-free error on systems with more than 140 GiB of RAM. A local user can send specially crafted FUSE requests that may lead to denial of service conditions.

The vulnerability is related to code in fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c files.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 5.1 rc1 - 5.1 rc4

External links
https://www.openwall.com/lists/oss-security/2019/04/29/1
https://www.securityfocus.com/bid/108054
https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15fab63e1e57be9fdb5eec1bbc5916e9825e9acb
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b3a707736301c2128ca85ce85fb13f60b5e350a
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=88b1a17dfc3ed7728316478fae0f5ad508f50397
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fde12ca79aff9b5ba951fce1a2641901b8d8e64
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f958d7b528b1b40c44cfda5eabe2d82760d868c3
https://github.com/torvalds/linux/commit/15fab63e1e57be9fdb5eec1bbc5916e9825e9acb
https://github.com/torvalds/linux/commit/6b3a707736301c2128ca85ce85fb13f60b5e350a
https://github.com/torvalds/linux/commit/88b1a17dfc3ed7728316478fae0f5ad508f50397
https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64
https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3
https://lwn.net/Articles/786044/
https://security.netapp.com/advisory/ntap-20190517-0005/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


CentOS 6 update for kernel
Red Hat Enterprise Linux 6 update for kernel
Red Hat Enterprise MRG 2 update for kernel-rt
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise Linux 7.6 Extended Update Support update for kernel
CentOS 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel-rt
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel-alt