DoS Vulnerabilities Found in Linux Kernel, Unpatched

[silversurfer]

Two denial-of-service (DoS) vulnerabilities found in the Linux Kernel by contributor Wanpeng Li could allow local attackers to exploit null pointer deference bugs to trigger DoS conditions.

The first vulnerability, which received the CVE-2018-19406 ID in the Common Vulnerabilities and Exposures database, resides in the kvm_pv_send_ipi function of the Linux kernel, defined in the arch/x86/kvm/lapic.c file.

The second vulnerability found by Li can also be exploited only by attackers that have physical access to the vulnerable Linux machine. The issue got assigned the CVE-2018-19407 ID by the CVE database, and it is present in the kvm_pv_send_ipi function kernel function that can be found in the Arch/x86/kvm/lapic.c source code file.

Source: https://news.softpedia.com/news/dos-vuln...3955.shtml