Rewterz Threat Advisory – CVE-2018-2815 – Multiple F5 Java products, DoS vulnerability
December 20, 2018Rewterz Threat Advisory – Ryuk evolves as a new Targeted Ransomware
December 20, 2018Rewterz Threat Advisory – CVE-2018-2815 – Multiple F5 Java products, DoS vulnerability
December 20, 2018Rewterz Threat Advisory – Ryuk evolves as a new Targeted Ransomware
December 20, 2018SEVERITY: Medium
CATEGORY: Vulnerability
ANALYSIS SUMMARY
A use-after-free issue was found in the way Linux kernel’s KVM hypervisor processed posted interrupts, when nested(=1) virtualization is enabled. Innested_get_vmcs12_pages(). In case of an error while processing posted interrupt address, it unmaps the ‘pi_desc_page’ without resetting ‘pi_desc’ descriptor address. Which is later used in pi_test_and_clear_on().
A guest user/process could use this flaw to crash the host kernel resulting in DoS.
IMPACT
System access or Dos (Denial of Service) in guest virtual machine.
AFFECTED PRODUCTS
- Linux Kernel 3.16.62
- Linux Kernel 4.4.168
- Linux Kernel 4.9.146
- Linux Kernel 4.14.89
- Linux Kernel 4.19.10
REMEDIATION
Upstream patch can be followed from the following link.
(Note: This is a third-party patch, whereas the vendor has not released any patches for this vulnerability so far.)
https://marc.info/?l=kvm&m=154514994222809&w=2
If you thin you’re a victim of a cyber-attack, immediately send an email to soc@rewterz.com for a quick response.