Design/Logic Flaw

2019-10-3121:15:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability.

CPENameOperatorVersion
grsecurityeq>= 3.14.9.8201702060653 AND <= 3.14.9.24201704252333 
grsecurityge4.9.25
grsecurityle4.9.74
paxeq>= paxlinux4.9.8test1 AND <= paxlinux4.9.8test7

Name	Operator	Version
grsecurity	eq	>= 3.14.9.8201702060653 AND <= 3.14.9.24201704252333
grsecurity	ge	4.9.25
grsecurity	le	4.9.74
pax	eq	>= paxlinux4.9.8test1 AND <= paxlinux4.9.8test7

References

talosintelligence.com/vulnerability_reports/TALOS-2019-0784