CVE-2019-13648

kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.

En el kernel de Linux hasta versión 5.2.1 sobre la plataforma powerpc, cuando la memoria transaccional de hardware está deshabilitada, un usuario local puede causar una denegación de servicio (excepción de TM Bad Thing y bloqueo del sistema) por medio de una llamada de sistema de la función sigreturn() que envía una trama de señal diseñada. Esto afecta a los archivos arch/powerpc/kernel/signal_32.c y arch/powerpc/kernel/signal_64.c.

A flaw was found in the PowerPc platform, where the kernel will panic if the transactional memory is disabled. An attacker could use this flaw to panic the system by constructing a signal context through the transactional memory MSR bits set.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-07-18 CVE Reserved
2019-07-19 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors
CWE-400: Uncontrolled Resource Consumption

CAPEC

References (19)

URL	Tag	Source
http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html	X_refsource_misc
http://www.openwall.com/lists/oss-security/2019/07/30/1	Mailing List
https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe	X_refsource_confirm
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html	Mailing List
https://seclists.org/bugtraq/2019/Aug/13	Mailing List
https://seclists.org/bugtraq/2019/Aug/18	Mailing List
https://seclists.org/bugtraq/2019/Aug/26	Mailing List
https://security.netapp.com/advisory/ntap-20190806-0001	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
https://patchwork.ozlabs.org/patch/1133904	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GRK2MW223KQZ76DKEF2BZFN6TCXLZLDS	2023-11-07
https://usn.ubuntu.com/4114-1	2023-11-07
https://usn.ubuntu.com/4115-1	2023-11-07
https://usn.ubuntu.com/4116-1	2023-11-07
https://www.debian.org/security/2019/dsa-4495	2023-11-07
https://www.debian.org/security/2019/dsa-4497	2023-11-07
https://access.redhat.com/security/cve/CVE-2019-13648	2020-07-21
https://bugzilla.redhat.com/show_bug.cgi?id=1735630	2020-07-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 5.2.1 Search vendor "Linux" for product "Linux Kernel" and version " <= 5.2.1"		-		Affected