Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-5848

Опубликовано: 02 дек. 2017
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ie_len’ argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2018:309630.10.2018
Red Hat Enterprise Linux 7kernel-altFixedRHSA-2018:294830.10.2018
Red Hat Enterprise Linux 7kernelFixedRHSA-2018:308330.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1590799kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption

EPSS

Процентиль: 35%
0.0014
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-5848

CVSS3: 7.8
ubuntu
около 7 лет назад

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

nvd логотип

CVE-2018-5848

CVSS3: 7.8
nvd
около 7 лет назад

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

debian логотип

CVE-2018-5848

CVSS3: 7.8
debian
около 7 лет назад

In the function wmi_set_ie(), the length validation code does not hand ...

suse-cvrf логотип

SUSE-SU-2018:4208-1

suse-cvrf
больше 6 лет назад

Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP3)

suse-cvrf логотип

SUSE-SU-2018:4127-1

suse-cvrf
больше 6 лет назад

Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2)

EPSS

Процентиль: 35%
0.0014
Низкий

5.3 Medium

CVSS3