linux kernel vulnerability
09
JAN

According to Cyber-security Company, the term ‘Vulnerability’ is a flaw in a system that can lead to cyber attack. The vulnerability may also allow causing any type of weakness in a computer system itself, or a set of processes, or in anything that leaves information security disclosed to an attack.

CVE is a record of information security vulnerabilities and risks that aims to provide common names for publicly known problems. CVE aims to make it easier to share data across separate vulnerability efficiency (tools, repositories, and services) with this "common enumeration."

The Vulnerability has been reported in Linux Kernel 5.0 0-rc7 (Operating System). Discovered on 30th December, this vulnerability allows a local attacker to cause a denial of service condition on a targeted system.

Cyber Security Services are becoming well aware of a new kind of vulnerability with high attack complexities.

CVE Name:

CVE-20196-19927

Risk:

Medium

Technologies Affected:

Linux kernel 5.0.0-rc7

Mitigations:

None

This vulnerability exists in ttm_put_pages of the file (drivers/gpu/drm/ttm/ttm_page_alloc.c.) of Linux kernelhas been classified as critical.

This Vulnerability may also affect other versions. Directing towards an unknown input leads to a memory exploiting vulnerability (Out-of-Bounds). CWE (Common Weakness Enumeration) is classifying the issue as CWE-119. The vulnerability may impact the confidentially, integrity and availability of the company security.

To date, no exploit has been recorded. The price for an exploit might be around USD $5k- $25k at that moment (as calculated on 31.12.2019). No such information on countermeasures is known till now. It is best to replace the affected object with an alternative product.

Any Computer and network personnel should always stay aware of current vulnerabilities in the software they use. It will help to seek out ways to protect against them.

Recommendations:

  • ✔ Permission should be restricted to trusted individuals only. If only a restricted individual has access to the resource then the chance of exploiting this vulnerability can get lower. Restricted environments and restricted shells must be used where possible.
  • ✔ To diminish the impact of the hidden vulnerabilities always run non-administrative software as an unprivileged user with minimal access rights.

Disclaimer

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Source: Symantec



Leave a Comment:

Populer Postes

Vb script vulnerebilities

04 Jan, 2020

Why Every Small Business Should Care about Cyber Attacks?

Get Exclusive Cyber Security Tips On:

Prevention from damage dealt to an organization’s reputation.

Investments on fixing the issues caused by attack.

Preventing confidential data and Intellectual Property being stolen

Prevention of revenue loss due to service disruption and much more.

Subscribe Now