Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-12896

Опубликовано: 02 июл. 2018
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 4.17.3 (включая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 22%
0.00069
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2018-12896

CVSS3: 5.5
ubuntu
почти 7 лет назад

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.

redhat логотип

CVE-2018-12896

CVSS3: 3.3
redhat
почти 7 лет назад

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.

debian логотип

CVE-2018-12896

CVSS3: 5.5
debian
почти 7 лет назад

An issue was discovered in the Linux kernel through 4.17.3. An Integer ...

github логотип

GHSA-752f-2m5c-7473

CVSS3: 5.5
github
около 3 лет назад

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.

fstec логотип

BDU:2021-01436

CVSS3: 5.5
fstec
почти 7 лет назад

Уязвимость компонента time/posix-timers.c ядра операционной системы Linux, связанная с целочисленным переполнением значения, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 22%
0.00069
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-190