CVE-2018-19407NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference27 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.0
EPSS
0.1%
top 76.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxCanonical Ubuntu Linux
Timeline
PublishedNov 21
Latest updateMay 14

Description

The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debianlinux/linux_kernel< 4.19.9-1+3
Ubuntulinux/linux_kernel< 4.4.0-142.168+2
NVDlinux/linux_kernel4.19.2
debiandebian/linux< linux 4.19.9-1 (bookworm)

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Patch: lkml.orgPatch: lkml.org

🔴Vulnerability Details

11
GHSA
GHSA-gpgg-jpcr-93m3: The vcpu_scan_ioapic function in arch/x86/kvm/x862022-05-14
OSV
linux, linux-hwe regression2019-02-08
OSV
linux-azure vulnerabilities2019-02-07
OSV
linux-lts-xenial, linux-aws vulnerabilities2019-02-04
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2019-02-04

📋Vendor Advisories

13
Ubuntu
Linux kernel regression2019-02-08
Ubuntu
Linux kernel (Azure) vulnerabilities2019-02-07
Ubuntu
Linux kernel (Azure) vulnerabilities2019-02-07
Ubuntu
Linux kernel (AWS, GCP, KVM, OEM, Raspberry Pi 2) vulnerabilities2019-02-04
Ubuntu
Linux kernel vulnerabilities2019-02-04

💬Community

2
Bugzilla
CVE-2018-19407 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c2018-11-22
Bugzilla
CVE-2018-19407 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c [fedora-all]2018-11-22