Linux Kernel dlpar_parse_cc_property Denial of Service Vulnerability



A vulnerability in the Linux Kernel could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the dlpar_parse_cc_property function, as defined in the arch/powerpc/platforms/pseries/dlpar.c source code file of the affected software, and is due to an unchecked kstrdup of prop->name. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. An exploit could trigger a NULL pointer dereference condition that causes the system to crash, resulting in a DoS condition.

Kernel.org has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-12614

Source:: Cisco Multivendor Vulnerability Alerts