Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

What are the two unfixed DoS vulnerabilities found by the Linux kernel?

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

This article introduces what are the two unfixed DoS vulnerabilities found in the Linux kernel. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

Contributor Wanpeng Li (Li Wanpeng) recently found two denial of service (DOS) in Linux Kernel, allowing local attackers to use null pointer references to BUG to trigger DOS status. The first vulnerability, numbered CVE-2018-19406 in Common Vulnerabilities and Exposure, exists in the kvm_pv_send_ipi function of the Linux kernel, which is defined in the arch/x86/kvm/lapic.c file.

A CVE-2018-19406 vulnerability has been identified in Linux Kernel 4.19.2 that allows the attacker of this visit to use crafted system calls on unrepaired devices to reach the DOS state. This problem is caused by the failure of the Advanced Programmable interrupt Controller (APIC) to initialize correctly.

Li wrote in his announcement: "the apic mapping has not been initialized, and the pv_send_ipi interface was triggered using vmcall in the test case, resulting in kvm- > arch.apic_map being dereferenced."

The second vulnerability discovered by Li is limited to situations where an attacker can physically access the device. The problem is numbered CVE-2018-19407 in the CVE library and appears in the kvm_pv_send_ipi functional kernel function in the Arch/x86/kvm/lapic.c source code file. Since the I / O Advanced Programmable interrupt Controller (I / O APIC) cannot be initialized, a local attacker can deny service by submitting a malicious system call that triggers a NULL pointer delay condition.

On the Linux kernel found that the two unfixed DoS vulnerabilities are what are shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Vulnerabilities kernels attackers attacks two functions advanced content programmability pointers controllers files more states systems devices problems programmability help control vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Microsoft Docker macOS OPPO Reno Xiaomi vpn Redmi Apple Shulou Technology MySQL Linux NVidia Shulou Tech Info Shulou Information MariaDB Huawei Microsoft Docker macOS OPPO Reno Xiaomi vpn Redmi Apple Shulou Technology MySQL Linux NVidia Shulou Tech Info Shulou Information MariaDB Huawei

Share To

Related

Servers

More Servers >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report