CVE-2019-15292 Linux Kernel up to 5.0.8 atalk_proc.c atalk_proc_exit memory corruption

Background: Appletalk support allows your Linux machine to interwork with Apple networks. Below components conduct the specified functions.

  • sysctl_net_atalk.c: sysctl interface to net AppleTalk subsystem.
  • ddp.c: AppleTalk DDP protocol for Ethernet ELAP (ethertalk).
  • atalk_proc.c: proc support for Appletalk

The Use-After-Free vulnerability is related to above three components. Even though you do not use ApplyTalk, attacker by sending a request that submits malicious input to the targeted system. A successful exploit could allow the attacker to execute arbitrary code.

In the Linux kernel version 2.6.23, the /proc/sys/vm/mmap_min_addr tunable was introduced to prevent unprivileged users from creating new memory mappings below the minimum address. To enable it, add or amend the following entry in the /etc/sysctl.conf file: vm.mmap_min_addr = 4096

Security Focus: What is NULL pointer dereference flaws in the Linux? NULL pointer dereference flaws in the Linux kernel can often be abused by a local, unprivileged user to gain root privileges by mapping attacker-controlled data to low memory pages.

But above adjustment cannot resolve these vulnerabilities. It was because if alloc_disk fails in pcd_init_units, cd->disk will be NULL, however in pcd_detect and pcd_exit, it’s not check this before free.It may result a NULL pointer dereference.

Remedy: Kernel.org has released remedy at the following link – https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6377f787aeb945cae7abbb6474798de129e1f3ac

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.