CVE-2018-5333

Опубликовано: 11 янв. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 4.9

EPSS Низкий

Описание

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

Ссылки

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737
Issue Tracking
Patch
Vendor Advisory
http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html
http://www.securityfocus.com/bid/102510
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0470
Third Party Advisory
https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
Mailing List
Third Party Advisory
https://usn.ubuntu.com/3583-1/
Third Party Advisory
https://usn.ubuntu.com/3583-2/
Third Party Advisory
https://usn.ubuntu.com/3617-1/
Third Party Advisory
https://usn.ubuntu.com/3617-2/
Third Party Advisory
https://usn.ubuntu.com/3617-3/
Third Party Advisory
https://usn.ubuntu.com/3619-1/
Third Party Advisory
https://usn.ubuntu.com/3619-2/
Third Party Advisory
https://usn.ubuntu.com/3632-1/
Third Party Advisory
https://www.debian.org/security/2018/dsa-4187
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737
Issue Tracking
Patch
Vendor Advisory
http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html
http://www.securityfocus.com/bid/102510
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:0470
Third Party Advisory
https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 4.14.13 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01755

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2018-5333

CVSS3: 5.5

ubuntu

больше 7 лет назад

CVE-2018-5333

CVSS3: 5.5

redhat

больше 7 лет назад

CVE-2018-5333

CVSS3: 5.5

debian

больше 7 лет назад

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in n ...

GHSA-fgqv-475c-x2p6

CVSS3: 5.5

github

около 3 лет назад

ELSA-2018-4193

oracle-oval

почти 7 лет назад

ELSA-2018-4193: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 82%

0.01755

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-476