CVE-2018-8043

Опубликовано: 11 янв. 2018

Источник: redhat

CVSS3: 4.1

EPSS Низкий

Описание

The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

The Linux kernel was found vulnerable to a NULL pointer dereference in the drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() function caused by an unchecked return value from the platform_get_resource() function. A successful flaw exploitation can cause a system panic and a denial of service. This flaw is believed not to be an attacker triggerable as bad return value can be caused by hardware misconfiguration.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Will not fix
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-252->CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1554199kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service

EPSS

Процентиль: 17%

0.00054

Низкий

4.1 Medium

CVSS3

Связанные уязвимости

CVE-2018-8043

CVSS3: 5.5

ubuntu

больше 7 лет назад

CVE-2018-8043

CVSS3: 5.5

nvd

больше 7 лет назад

CVE-2018-8043

CVSS3: 5.5

debian

больше 7 лет назад

The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...

GHSA-74vr-h68j-rmh2

CVSS3: 5.5

github

около 3 лет назад

openSUSE-SU-2018:0972-1

suse-cvrf

около 7 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 17%

0.00054

Низкий

4.1 Medium

CVSS3