Stories
Slash Boxes
Comments

SoylentNews is people

Linux Kernel Hole Reported: CVE-2019-11811

posted by martyb on Monday July 22 2019, @05:58PM   Printer-friendly
from the ALL-kernels-affected dept.

An Anonymous Coward writes:

https://www.securityfocus.com/bid/108410

From the RedHat bug discussion:

https://bugzilla.redhat.com/show_bug.cgi?id=1709180

A flaw was found in the Linux kernels implementation of IPMI (remote baseband access) where an attacker with local access to read /proc/ioports may be able to create a use-after-free condition when the kernel module is unloaded. The use after-free condition may result in privilege escalation. Investigation is ongoing.

See https://security-tracker.debian.org/tracker/CVE-2019-11811 for a lot of other distro links (the Source section at the top).

Original Submission

 
This discussion has been archived. No new comments can be posted.
Linux Kernel Hole Reported: CVE-2019-11811 | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by PartTimeZombie on Monday July 22 2019, @08:35PM

    by PartTimeZombie (4827) on Monday July 22 2019, @08:35PM (#870073)

    Good policy.

    Also, don't give local access to all and sundry:

    ...an attacker with local access to read /proc/ioports...

    I am going to assume that local attacker also needs to be part of the sudoers group.

    I am not going to worry too much about this one.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2