[ASA-201811-1] linux: denial of service

2018-11-01T00:00:00
ID ASA-201811-1
Type archlinux
Reporter ArchLinux
Modified 2018-11-01T00:00:00

Description

Arch Linux Security Advisory ASA-201811-1

Severity: Low Date : 2018-11-01 CVE-ID : CVE-2018-18445 Package : linux Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-784

Summary

The package linux before version 4.18.13.arch1-1 is vulnerable to denial of service.

Resolution

Upgrade to 4.18.13.arch1-1.

pacman -Syu "linux>=4.18.13.arch1-1"

The problem has been fixed upstream in version 4.18.13.arch1.

Workaround

None.

Description

In the Linux kernel 4.14.x before 4.14.75 and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out- of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

Impact

A local attacker is able to crash the kernel and leak information using a specially crafted BPF program.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75 https://bugs.chromium.org/p/project-zero/issues/detail?id=1686 https://seclists.org/oss-sec/2018/q4/69 https://security.archlinux.org/CVE-2018-18445