CVE-2018-20855

Опубликовано: 26 июл. 2019

Источник: redhat

CVSS3: 3.3

Описание

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.

A flaw was discovered in the Linux kernel's implementation of InfiniBand. A local attacker who is able to execute a read from the InfiniBand device could trigger an information leak of kernel memory to userspace which can be used to further attack the system.

Меры по смягчению последствий

If the InfiniBand device is in use, there is no known mitigation for this flaw. If the InfiniBand device is not in use, the kernel module (mlx5_ib) can be blacklisted and unloaded.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Will not fix
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1738708kernel: Information leak in create_qp_common in drivers/infiniband/hw/mlx5/qp.c

3.3 Low

CVSS3

Связанные уязвимости

CVE-2018-20855

CVSS3: 3.3

ubuntu

почти 6 лет назад

CVE-2018-20855

CVSS3: 3.3

nvd

почти 6 лет назад

CVE-2018-20855

CVSS3: 3.3

debian

почти 6 лет назад

An issue was discovered in the Linux kernel before 4.18.7. In create_q ...

GHSA-xr6p-4wfc-3fxp

github

около 3 лет назад

SUSE-SU-2019:2262-1

suse-cvrf

почти 6 лет назад

Security update for the Linux Kernel

3.3 Low

CVSS3