
CVE-2018-14619: New Critical Linux Kernel Vulnerability

A new Linux kernel vulnerability identified as CVE-2018-14619 has been discovered by Red Hat Engineering researchers Florian Weimer and Ondrej Mosnacek. Specifically, the flaw was found in the crypto subsystem of the Linux kernel.

CVE-2018-14619 Technical Details

The flaw could allow a local user to crash the machine and to corrupt memory, leading to privilege escalation.

The “null skcipher” was being dropped in the wrong place – when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use, the researchers explained.
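The reference-counting mistake described above, as an added user-space model that is not kernel code and not part of the original article. The helper names (`null_get`, `null_put`, `tfm_create`, `ctx_free`, `tfm_free`, `run_model`) are hypothetical, and the model assumes one transform can have several contexts freed before the transform itself.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not kernel code: one shared, reference-counted cipher. */
struct null_skcipher { int refcnt; bool live; };
struct aead_tfm { struct null_skcipher *null_tfm; };
struct result { int violations; int final_refcnt; };

static void null_get(struct null_skcipher *n) { n->refcnt++; n->live = true; }
static void null_put(struct null_skcipher *n) { if (--n->refcnt <= 0) n->live = false; }

/* Creating the transform takes exactly one reference. */
static void tfm_create(struct aead_tfm *t, struct null_skcipher *n) {
    null_get(n);
    t->null_tfm = n;
}

/* Buggy placement: every per-context teardown drops the reference. */
static void ctx_free(struct aead_tfm *t, bool fixed) {
    if (!fixed) null_put(t->null_tfm);
}

/* Fixed placement: only the transform teardown drops it, once. */
static void tfm_free(struct aead_tfm *t, bool fixed) {
    if (fixed) null_put(t->null_tfm);
}

/* Free nctx contexts of one transform, then the transform itself.
 * A violation is a moment where the transform still exists but the
 * cipher it points to has already been released. */
struct result run_model(bool fixed, int nctx) {
    struct null_skcipher n = { 0, false };
    struct aead_tfm t;
    struct result r = { 0, 0 };
    tfm_create(&t, &n);
    for (int i = 0; i < nctx; i++) {
        ctx_free(&t, fixed);
        if (!n.live) r.violations++;
    }
    tfm_free(&t, fixed);
    r.final_refcnt = n.refcnt;
    return r;
}

int main(void) {
    struct result bug = run_model(false, 2), fix = run_model(true, 2);
    printf("buggy: violations=%d refcnt=%d\n", bug.violations, bug.final_refcnt);
    printf("fixed: violations=%d refcnt=%d\n", fix.violations, fix.final_refcnt);
    return 0;
}
```

With the buggy placement the count reaches zero on the first context teardown and goes negative on the second; with no contexts at all the reference is never dropped.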

The CVE-2018-14619 vulnerability affects the Linux kernel up to 4.15-rc3 and has been classified as critical. A function of the crypto subsystem is affected, resulting in a memory corruption vulnerability. An exploit could impact confidentiality, integrity, and availability, researchers say.

It appears that the vulnerability was shared on 08/30/2018 in the form of a bug report on Bugzilla (bugzilla.redhat.com). It should be noted that for CVE-2018-14619 to be triggered, local access is required, with a single authentication needed for exploitation. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment, Bugzilla researchers reported.


To mitigate the CVE-2018-14619 vulnerability, upgrading to version 4.15-rc4 is needed. Once the update is applied, the vulnerability is eliminated.

Milena Dimitrova
