Fixed
Created: Nov 26, 2018
Updated: May 18, 2019
Resolved Date: Apr 2, 2019
Found In Version: 7.0.0.5
Fix Version: 7.0.0.30
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Kernel
A vulnerability in the vcpu_scan_ioapic function of the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists in the vcpu_scan_ioapic function, as defined in the arch/x86/kvm/x86.c source code file of the affected software, and is due to the failure of the I/O Advanced Programmable Interrupt Controller (I/O APIC) to initialize. An attacker could exploit the vulnerability by accessing the system and executing an application that submits malicious system calls to the affected software. A successful exploit could trigger a NULL pointer dereference, which could result in a DoS condition.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19407
