Linux Kernel get_vdev_port_node_info Denial of Service Vulnerability



A vulnerability in the Linux Kernel could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the get_vdev_port_node_info function, as defined in the arch/sparc/kernel/mdesc.c source code file of the affected software, and is due to an unchecked kstrdup_const of node_info->vdev_port.name. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. An exploit could trigger a NULL pointer dereference condition that causes the system to crash, resulting in a DoS condition.

Kernel.org has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-12615

Source:: Cisco Multivendor Vulnerability Alerts