Stories
Slash Boxes
Comments

SoylentNews is people

Linux Kernel Hole Reported: CVE-2019-11811

posted by martyb on Monday July 22 2019, @05:58PM   Printer-friendly
from the ALL-kernels-affected dept.

An Anonymous Coward writes:

https://www.securityfocus.com/bid/108410

From the RedHat bug discussion:

https://bugzilla.redhat.com/show_bug.cgi?id=1709180

A flaw was found in the Linux kernels implementation of IPMI (remote baseband access) where an attacker with local access to read /proc/ioports may be able to create a use-after-free condition when the kernel module is unloaded. The use after-free condition may result in privilege escalation. Investigation is ongoing.

See https://security-tracker.debian.org/tracker/CVE-2019-11811 for a lot of other distro links (the Source section at the top).

Original Submission

 
This discussion has been archived. No new comments can be posted.
Linux Kernel Hole Reported: CVE-2019-11811 | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by sjames on Monday July 22 2019, @10:56PM

    by sjames (2882) on Monday July 22 2019, @10:56PM (#870116) Journal

    Fortunately, this bug is unlikely to be triggered and unlikely to be exploited. Looking at the actual kernel patch, it could only happen iof the module failed to init when loaded, and when the bug is triggered, the kernel oopses.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2