CVE-2019-13648

Severity

49%

Complexity

39%

Confidentiality

115%

In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.

CVSS 3.0 Base Score 5.5. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported 5 years ago

2019-07-19 13:15:00

Last updated 5 years ago

2019-07-30 12:15:00

Affected Software

Linux Kernel

References

openSUSE-SU-2019:1924

openSUSE-SU-2019:1923

http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

[oss-security] 20190730 CVE-2019-13648: Linux kernel: powerpc: kernel crash in TM handling triggerable by any local user

https://git.kernel.org/torvalds/c/f16d80b75a096c52354c6e0a574993f3b0dfbdfe

[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update

FEDORA-2019-7aecfe1c4b

https://patchwork.ozlabs.org/patch/1133904/

Patch, Third Party Advisory

20190812 [SECURITY] [DSA 4495-1] linux security update

20190813 [SECURITY] [DSA 4497-1] linux security update

20190814 [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)

https://security.netapp.com/advisory/ntap-20190806-0001/

USN-4114-1

USN-4115-1

USN-4116-1

DSA-4495

DSA-4497

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.