First published: Thu Jul 04 2019(Updated: )
A vulnerability was found in arch/x86/lib/insn-eval.c in the Linux kernel, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. Reference: <a href="https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9">https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9</a> <a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=1879">https://bugs.chromium.org/p/project-zero/issues/detail?id=1879</a> Upstream commit: <a href="https://github.com/torvalds/linux/commit/de9f869616dd95e95c00bdd6b0fcd3421e8a4323">https://github.com/torvalds/linux/commit/de9f869616dd95e95c00bdd6b0fcd3421e8a4323</a> <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de9f869616dd95e95c00bdd6b0fcd3421e8a4323">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de9f869616dd95e95c00bdd6b0fcd3421e8a4323</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1127.rt56.1093.el7 | 0:3.10.0-1127.rt56.1093.el7 |
redhat/kernel | <0:3.10.0-1127.el7 | 0:3.10.0-1127.el7 |
redhat/kernel | <0:3.10.0-957.56.1.el7 | 0:3.10.0-957.56.1.el7 |
redhat/kernel | <0:3.10.0-1062.26.1.el7 | 0:3.10.0-1062.26.1.el7 |
redhat/kernel-rt | <0:4.18.0-147.rt24.93.el8 | 0:4.18.0-147.rt24.93.el8 |
redhat/kernel | <0:4.18.0-147.el8 | 0:4.18.0-147.el8 |
Linux Linux kernel | <5.1.9 | |
IBM Data Risk Manager | <=2.0.6 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)