Stories
Slash Boxes
Comments

SoylentNews is people

Linux Kernel Hole Reported: CVE-2019-11811

posted by martyb on Monday July 22 2019, @05:58PM   Printer-friendly
from the ALL-kernels-affected dept.

An Anonymous Coward writes:

https://www.securityfocus.com/bid/108410

From the RedHat bug discussion:

https://bugzilla.redhat.com/show_bug.cgi?id=1709180

A flaw was found in the Linux kernels implementation of IPMI (remote baseband access) where an attacker with local access to read /proc/ioports may be able to create a use-after-free condition when the kernel module is unloaded. The use after-free condition may result in privilege escalation. Investigation is ongoing.

See https://security-tracker.debian.org/tracker/CVE-2019-11811 for a lot of other distro links (the Source section at the top).

Original Submission

 
This discussion has been archived. No new comments can be posted.
Linux Kernel Hole Reported: CVE-2019-11811 | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Monday July 22 2019, @09:13PM

    by Anonymous Coward on Monday July 22 2019, @09:13PM (#870080)

    Like this one ("privilege escalation" through running rmmod of all things? are they for real?) or the previous sound and fury about vulnerable RDS (a protocol that no one uses, compiled into module that never gets loaded).
    While bleeding-edge kernels get data loss bugs. I would MUCH rather deal with a fictional "breach" or two that have no chance to affect a real-world system, than with an actual massive loss of data. Not everything is cat pictures, not everything is backed up right on creation, and some data loss bugs can trash your backups just as nicely. Examples abound.