From: Steve Beattie
Date: Mar 6, 2019 5:18AM
To:
Jann Horn discovered that the userfaultd implementation in the Linux kernel
did not properly restrict access to certain ioctls. A local attacker could
use this possibly to modify files. (CVE-2018-18397)
It was discovered that the crypto subsystem of the Linux kernel leaked
uninitialized memory to user space in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2018-19854)
Jann Horn discovered a race condition in the fork() system call in
the Linux kernel. A local attacker could use this to gain access to
services that cache authorizations. (CVE-2019-6133)
References:
https://usn.ubuntu.com/usn/usn-3901-1
CVE-2018-18397, CVE-2018-19854, CVE-2019-6133
沒有留言:
張貼留言