Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1120

Опубликовано: 20 июн. 2018
Источник: nvd
CVSS3: 2.8
CVSS3: 5.3
CVSS2: 3.5
EPSS Низкий

Описание

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 4.17 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 76%
0.00986
Низкий

2.8 Low

CVSS3

5.3 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-122
CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2018-1120

CVSS3: 2.8
ubuntu
около 7 лет назад

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

redhat логотип

CVE-2018-1120

CVSS3: 2.8
redhat
около 7 лет назад

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

debian логотип

CVE-2018-1120

CVSS3: 2.8
debian
около 7 лет назад

A flaw was found affecting the Linux kernel before version 4.17. By mm ...

github логотип

GHSA-gq4w-28gq-c8cj

CVSS3: 5.3
github
около 3 лет назад

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

fstec логотип

BDU:2020-03305

CVSS3: 5.3
fstec
около 7 лет назад

Уязвимость функции mmap()ing ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 76%
0.00986
Низкий

2.8 Low

CVSS3

5.3 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-122
CWE-119