CVE-2018-5344

Опубликовано: 12 янв. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.

Ссылки

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
Patch
Third Party Advisory
http://www.securityfocus.com/bid/102503
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3083
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096
Third Party Advisory
https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
Patch
Third Party Advisory
https://usn.ubuntu.com/3583-1/
Third Party Advisory
https://usn.ubuntu.com/3583-2/
Third Party Advisory
https://usn.ubuntu.com/3617-1/
Third Party Advisory
https://usn.ubuntu.com/3617-2/
Third Party Advisory
https://usn.ubuntu.com/3617-3/
Third Party Advisory
https://usn.ubuntu.com/3619-1/
Third Party Advisory
https://usn.ubuntu.com/3619-2/
Third Party Advisory
https://usn.ubuntu.com/3632-1/
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
Patch
Third Party Advisory
http://www.securityfocus.com/bid/102503
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3083
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096
Third Party Advisory
https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 4.14.13 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2018-5344

CVSS3: 7.8

ubuntu

больше 7 лет назад

CVE-2018-5344

CVSS3: 5.5

redhat

больше 7 лет назад

CVE-2018-5344

CVSS3: 7.8

debian

больше 7 лет назад

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles l ...

GHSA-qvpq-6qhx-422f

CVSS3: 7.8

github

около 3 лет назад

ELSA-2018-3083

oracle-oval

больше 6 лет назад

ELSA-2018-3083: kernel security, bug fix, and enhancement update (IMPORTANT)

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-362