exploitDog

CVE-2018-18559

Опубликовано: 22 окт. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

Ссылки

https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0163
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0188
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1170
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1190
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3967
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4159
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0174
Third Party Advisory
https://blogs.securiteam.com/index.php/archives/3731
Exploit
Patch
Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:0327
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0163
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0188
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1170
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1190
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3967
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4159
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0174
Third Party Advisory
https://blogs.securiteam.com/index.php/archives/3731
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.2.95 (включая) до 3.2.100 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.14.58 (включая) до 3.15 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.18.25 (включая) до 3.18.88 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.1.14 (включая) до 4.1.49 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.2.7 (включая) до 4.3 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.3.1 (включая) до 4.4.106 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.9.70 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.14.7 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01207

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2018-18559

CVSS3: 8.1

ubuntu

больше 6 лет назад

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

CVE-2018-18559

CVSS3: 7

redhat

около 7 лет назад

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

CVE-2018-18559

CVSS3: 8.1

debian

больше 6 лет назад

In the Linux kernel through 4.19, a use-after-free can occur due to a ...

GHSA-8w88-57v8-p48h

CVSS3: 8.1

github

около 3 лет назад

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

BDU:2019-00974

CVSS3: 8.1

fstec

больше 7 лет назад

Уязвимость обработчика RAW-сокетов AF_PACKET ядра Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 78%

0.01207

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-362