Wind River Support Network

HomeDefectsSCP6-1313
Not to be fixed

SCP6-1313 : Security Advisory - linux - CVE-2018-19407

Created: Nov 27, 2018    Updated: Oct 9, 2019
Resolved Date: Oct 9, 2019
Previous ID: LIN6-15173
Found In Version: 6.0.0.37
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Kernel

Description

A vulnerability in the vcpu_scan_ioapic function of the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the vcpu_scan_ioapic function, as defined in the arch/x86/kvm/x86.c source code file of the affected software, and is due to the failure of the I/O Advanced Programmable Interrupt Controller (I/O APIC) to initialize. An attacker could exploit the vulnerability by accessing the system and executing an application that submits malicious system calls to the affected software. A successful exploit could trigger a NULL pointer dereference, which could result in a DoS condition.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19407
Live chat
Online