CVE-2018-14619: New Critical Linux Kernel Vulnerability
CYBER NEWS

CVE-2018-14619: New Critical Linux Kernel Vulnerability

A new Linux kernel vulnerability identified as CVE-2018-14619 has been discovered by Red Hat Engineering researchers Florian Weimer and Ondrej Mosnacek. More particularly, the flaw was found in the crypto subsystem of the Linux kernel.




CVE-2018-14619 Technical Details

The flaw could grant a local user the right to crash the machine and to cause corrupt memory leading to privilege escalation.

The “null skcipher” was being dropped in the wrong place – when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use, the researchers explained.

The CVE-2018-14619 vulnerability is located in Linux Kernel up to 4.15-rc3 and it’s been classified as critical. A function of the component Crypto Subsystem has been affected, and as a result of it, a memory corruption vulnerability appears. The result of an exploit could lead to an impact on confidentiality, intergrity, and availability, researchers say.

It appears that the vulnerability was shared on 08/30/2018 in the form of a bug report on Bugzilla bugzilla.redhat.com. It should be noted that for CVE-2018-14619 to be triggered, local access is required, with a single authentication needed for exploitation. The structure of the vulnerability defines a possible price range of USD $5k-$25k at the moment, Bugzilla researchers reported.

Related Story: Verified Microkernel: the Cure for All Linux OS Vulnerabilities?

To mitigate the CVE-2018-14619 vulnerability, upgrading to version 4.15-rc4 is needed. Once the update in applied, the vulnerability is eliminated.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...