
15 May 20

MINISTRY OF DEFENCE
CYBER CELL

CYBER SECURITY ADVISORY: 24/2020


MULTIPLE VULNERABILITIES IN LINUX KERNEL

1. It is intimated that multiple vulnerabilities have been reported in the Linux kernel which
could allow an attacker to cause memory corruption, buffer overflow and denial of service
conditions on a targeted system. The details are as follows:-

Severity Rating: Medium

Software Affected: Linux Kernel before 5.5.4

Linux Kernel before 5.4.14

Linux Kernel before 5.6.10

2. Description.

i) Double Fetch Vulnerability. A double fetch vulnerability exists in the
“__mptctl_ioctl” function of the “drivers/message/fusion/mptctl.c” Linux kernel file due
to improper handling of the IOCtl operation while an incorrect lock is held by the
affected software. A local attacker could exploit this vulnerability by holding the
incorrect lock during the IOCtl operation and triggering a race condition.

ii) Buffer Overflow Vulnerability. A buffer overflow vulnerability exists
in the “mwifiex_ret_wmm_get_status()” function of
“drivers/net/wireless/marvell/mwifiex/wmm.c” in the Linux kernel due to improper
handling of the memory copy (memcpy) function by the affected software. A remote
attacker could exploit this vulnerability via a remote AP to trigger a heap-based
buffer overflow.

iii) Denial of Service Vulnerability. A denial of service vulnerability exists in
the mwifiex_cmd_append_vsie_tlv() function in
drivers/net/wireless/marvell/mwifiex/scan.c in the Linux kernel due to improper
handling of the memory copy (memcpy) function by the affected software. An attacker
could exploit this vulnerability to trigger a buffer overflow. Successful
exploitation of this vulnerability could lead to a denial of service condition.

iv) Denial of Service Vulnerability. A denial of service vulnerability exists in
“xfs_agf_verify” of the “fs/xfs/libxfs/xfs_alloc.c” Linux kernel file due to improper
handling of metadata by the affected software. An attacker could exploit this
vulnerability to trigger a sync of excessive duration via an XFS v5 image with
crafted metadata. Successful exploitation of this vulnerability could lead to a denial
of service condition.

v) Memory Corruption Vulnerability. A memory corruption vulnerability
exists in the rpcsec_gss_krb5 function in the Linux kernel due to improper handling
of certain domain release calls by the affected software. An attacker could exploit this
vulnerability by implementing the domain release calls function. Successful
exploitation of this vulnerability could lead to a memory leak condition.

3. Solution. Apply appropriate patches as mentioned at https://www.kernel.org/

4. It is requested that this advisory may be uploaded on the MoD website for further
dissemination to all MoD personnel.
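
A triage check for the "Software Affected" list and the components named in paragraph 2, added here as an example and not part of the advisory: it reports which listed releases a kernel version string is older than, and which of the named components appear as loaded modules. Assumptions: the module names (mptctl, mwifiex, xfs, rpcsec_gss_krb5) are inferred from the file and function names above, code built into the kernel does not appear in /proc/modules, and distribution kernels may carry backported fixes, so the version string is only an indication.

```shell
#!/bin/sh
# Added example (not from the advisory): host triage against its version list.
LISTED_FIXES="5.4.14 5.5.4 5.6.10"                  # "Software Affected" list
NAMED_MODULES="mptctl mwifiex xfs rpcsec_gss_krb5"  # assumed module names

# ver_lt A B: true if version A (x.y.z, suffix ignored) is older than B.
ver_lt() {
    a=${1%%[!0-9.]*}; b=${2%%[!0-9.]*}    # "5.4.0-91-generic" -> "5.4.0"
    old_ifs=$IFS; IFS=.
    set -- $a 0 0 0; a1=$1; a2=$2; a3=$3  # pad missing components with 0
    set -- $b 0 0 0; b1=$1; b2=$2; b3=$3
    IFS=$old_ifs
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ]; return; fi
    if [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ]; return; fi
    [ "$a3" -lt "$b3" ]
}

# listed_before VERSION: print every listed release that VERSION is older than.
listed_before() {
    out=""
    for fix in $LISTED_FIXES; do
        if ver_lt "$1" "$fix"; then out="$out${out:+ }$fix"; fi
    done
    printf '%s\n' "$out"
}

# named_modules_loaded: read /proc/modules-format text on stdin and print
# the named components that are present, in input order.
named_modules_loaded() {
    found=""
    while read -r name _rest; do
        for m in $NAMED_MODULES; do
            if [ "$name" = "$m" ]; then found="$found${found:+ }$m"; fi
        done
    done
    printf '%s\n' "$found"
}

# Constructed sample in /proc/modules format (not captured from a real host).
SAMPLE='xfs 1556480 1 - Live 0x0000000000000000
mwifiex 323584 1 mwifiex_pcie, Live 0x0000000000000000
ext4 806912 2 - Live 0x0000000000000000'
echo "sample modules: $(printf '%s\n' "$SAMPLE" | named_modules_loaded)"

rel=$(uname -r)
echo "running $rel is older than: $(listed_before "$rel")"
if [ -r /proc/modules ]; then
    echo "loaded here: $(named_modules_loaded < /proc/modules)"
fi
```

An empty result from `listed_before` means the version string is at or above every listed release; a non-empty one should be confirmed against the distribution's own security notices before concluding the host is unpatched.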
