Lucene search

K
redhatcveRedhat.comRH:CVE-2019-11487
HistoryApr 07, 2020 - 5:14 p.m.

CVE-2019-11487

2020-04-0717:14:51
redhat.com
access.redhat.com
28

0.002 Low

EPSS

Percentile

52.6%

A flaw was found in the Linux kernel’s implementation of the FUSE filesystem, where it allows a page reference counter overflow. If a page reference counter overflows into a negative value, it can be placed back into the β€œfree” list for reuse by other applications. This flaw allows a local attacker who can manipulate memory page reference counters to cause memory corruption and possible privilege escalation by triggering a use-after-free condition. The current attack requires the system to have approximately 140 GB of RAM for this attack to be performed. It may be possible that the attack can occur with fewer memory requirements.

Mitigation

Preventing loading of the 'fuse' kernel module will prevent attackers from using this exploit against the system; howeve the functionality of being able to access the filesystems that would be allowed by fuse would no longer be allowed . See β€œHow do I blacklist a kernel module to prevent it from loading automatically?" ( <https://access.redhat.com/solutions/41278&gt;) for instructions on how to disable the 'fuse' kernel module from autoloading. This mitigation may not be suitable if access to the functionality provided by fuse is required.