Linux Kernel flush_tmregs_to_thread Function Denial of Service Vulnerability [CVE-2018-1091]
A vulnerability in the flush_tmregs_to_thread function of the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path by the affected software. This occurs when the flush_tmregs_to_thread function, as defined in the arch/powerpc/kernel/ptrace.c source code file of the affected software, is used. An attacker could exploit this vulnerability by using unprivileged userspace during a core dump on a POWER host. A successful exploit could trigger a guest kernel crash, resulting in a DoS condition on the system.
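The following is an added userspace model of the defect described above, not code from the kernel or the referenced commit: a core-dump flush that runs TM reclaim unconditionally beside the fixed shape that first checks the CPU feature bit. The names cpu_has_feature and CPU_FTR_TM mirror the kernel's naming, but the feature word, the bit value and the "fault" result are constructed for the simulation.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>

/* Simulated CPU feature word. CPU_FTR_TM mirrors the kernel's feature-bit
 * name, but this value is a constructed model, not the kernel's definition. */
#define CPU_FTR_TM (1UL << 0)
static unsigned long cpu_features;   /* set per simulated host by the driver */

static bool cpu_has_feature(unsigned long f) { return (cpu_features & f) != 0; }

/* Model of TM reclaim. On hardware without TM the reclaim instructions are
 * not valid; the advisory describes the result as a guest kernel crash.
 * Here that is modelled as returning 1 ("fault"); success returns 0. */
static int tm_reclaim_model(int *regs_flushed)
{
    if (!cpu_has_feature(CPU_FTR_TM))
        return 1;                    /* simulated invalid TM instruction */
    *regs_flushed = 1;
    return 0;
}

/* Vulnerable shape: the core-dump path flushes TM state unconditionally. */
static int flush_tmregs_vulnerable(int *regs_flushed)
{
    return tm_reclaim_model(regs_flushed);
}

/* Fixed shape: bail out early when the CPU lacks TM, so no TM instruction
 * is ever issued on such a host. */
static int flush_tmregs_fixed(int *regs_flushed)
{
    if (!cpu_has_feature(CPU_FTR_TM))
        return 0;                    /* nothing to flush */
    return tm_reclaim_model(regs_flushed);
}

/* Drive one version on a host with the given feature word.
 * Returns 0 when the dump completed safely, 1 when it faulted. */
static int simulate_core_dump(unsigned long features, bool fixed)
{
    int flushed = 0;
    cpu_features = features;
    return fixed ? flush_tmregs_fixed(&flushed)
                 : flush_tmregs_vulnerable(&flushed);
}

int main(void)
{
    printf("no-TM host, vulnerable: fault=%d\n", simulate_core_dump(0, false));
    printf("no-TM host, fixed:      fault=%d\n", simulate_core_dump(0, true));
    printf("TM host,    fixed:      fault=%d\n", simulate_core_dump(CPU_FTR_TM, true));
    return 0;
}
```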
Kernel.org has confirmed the vulnerability and released software updates.
CVE number – CVE-2018-1091
-
To exploit this vulnerability, an attacker must have local access to the targeted system. This access requirement may reduce the likelihood of a successful exploit.
-
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to access local systems.
Administrators are advised to monitor affected systems.
-
Kernel.org has released a git commit and changelog at the following links: commit c1fa0768a8713b135848f78fd43ffc208d8ded70 and Changelog-4.13.5
-
Kernel.org has released a patch and software updates at the following links: Kernel 4.13.5 or later and powerpc/tm: Flush TM only if CPU has TM feature
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.