CVE-2018-12896

Sažetak

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.

Reference

https://bugzilla.kernel.org/show_bug.cgi?id=200189
https://github.com/lcytxw/bug_repro/tree/master/bug_200189
https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://usn.ubuntu.com/3847-1/
https://usn.ubuntu.com/3847-2/
https://usn.ubuntu.com/3847-3/
https://usn.ubuntu.com/3848-1/
https://usn.ubuntu.com/3848-2/
https://usn.ubuntu.com/3849-1/
https://usn.ubuntu.com/3849-2/

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

03-04-2019 - 12:04

Objavljeno

02-07-2018 - 17:29