In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/01 Report--
This article introduces what are the two unfixed DoS vulnerabilities found in the Linux kernel. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.
Contributor Wanpeng Li (Li Wanpeng) recently found two denial of service (DOS) in Linux Kernel, allowing local attackers to use null pointer references to BUG to trigger DOS status. The first vulnerability, numbered CVE-2018-19406 in Common Vulnerabilities and Exposure, exists in the kvm_pv_send_ipi function of the Linux kernel, which is defined in the arch/x86/kvm/lapic.c file.
A CVE-2018-19406 vulnerability has been identified in Linux Kernel 4.19.2 that allows the attacker of this visit to use crafted system calls on unrepaired devices to reach the DOS state. This problem is caused by the failure of the Advanced Programmable interrupt Controller (APIC) to initialize correctly.
Li wrote in his announcement: "the apic mapping has not been initialized, and the pv_send_ipi interface was triggered using vmcall in the test case, resulting in kvm- > arch.apic_map being dereferenced."
The second vulnerability discovered by Li is limited to situations where an attacker can physically access the device. The problem is numbered CVE-2018-19407 in the CVE library and appears in the kvm_pv_send_ipi functional kernel function in the Arch/x86/kvm/lapic.c source code file. Since the I / O Advanced Programmable interrupt Controller (I / O APIC) cannot be initialized, a local attacker can deny service by submitting a malicious system call that triggers a NULL pointer delay condition.
On the Linux kernel found that the two unfixed DoS vulnerabilities are what are shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
