CVE-2018-11506

Опубликовано: 28 мая 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.

Ссылки

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe
Patch
https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory
https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe
Patch
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
Mailing List
Third Party Advisory
https://twitter.com/efrmv/status/1001574894273007616
Third Party Advisory
https://usn.ubuntu.com/3752-1/
Third Party Advisory
https://usn.ubuntu.com/3752-2/
Third Party Advisory
https://usn.ubuntu.com/3752-3/
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe
Patch
https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory
https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe
Patch
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
Mailing List
Third Party Advisory
https://twitter.com/efrmv/status/1001574894273007616
Third Party Advisory
https://usn.ubuntu.com/3752-1/
Third Party Advisory
https://usn.ubuntu.com/3752-2/
Third Party Advisory
https://usn.ubuntu.com/3752-3/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.11 (включая) до 4.14.45 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.16.13 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00083

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2018-11506

CVSS3: 7.8

ubuntu

больше 7 лет назад

CVE-2018-11506

CVSS3: 5.3

redhat

больше 7 лет назад

CVE-2018-11506

CVSS3: 7.8

debian

больше 7 лет назад

The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kerne ...

GHSA-gq53-r8v6-47q9

CVSS3: 7.8

github

больше 3 лет назад

BDU:2023-01297

CVSS3: 7.8

fstec

больше 7 лет назад

Уязвимость функции sr_do_ioctl() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

EPSS

Процентиль: 24%

0.00083

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787