An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-07-02T17:00:00
Updated: 2024-08-05T08:45:02.345Z
Reserved: 2018-06-26T00:00:00
Link: CVE-2018-12896
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-07-02T17:29:00.660
Modified: 2019-04-03T12:04:40.763
Link: CVE-2018-12896
Redhat