NULL pointer dereference and BUG in kvm_pv_send_ipi vulnerability in Linux kernel (CVE-2018-19407)

NULL pointer dereference and BUG in kvm_pv_send_ipi vulnerability in Linux kernel (CVE-2018-19407)

CVE-2018-19406 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.