Vulnerability Linux kernel via try_merge_free_space

0
32


The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Synthesis of the vulnerability 


An attacker can force the usage of a freed memory area via try_merge_free_space() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Linux.
Severity of this bulletin: 2/4.
Creation date: 09/12/2019.
Références of this threat: CVE-2019-19448, VIGILANCE-VUL-31095.

Description of the vulnerability 


An attacker can force the usage of a freed memory area via try_merge_free_space() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full bulletin, software filtering, emails, fixes, … (Request your free trial)

This computer vulnerability note impacts software or systems such as Linux.

Our Vigil@nce team determined that the severity of this computer vulnerability announce is medium.

The trust level is of type confirmed by the editor, with an origin of physical access.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this cybersecurity announce.

Solutions for this threat 


Linux kernel: patch for try_merge_free_space.
A patch is indicated in information sources.
Full bulletin, software filtering, emails, fixes, … (Request your free trial)

Computer vulnerabilities tracking service 


Vigil@nce provides an application vulnerability alert. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.





Source link