CVE-2017-18232

medium

Description

The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d

http://www.securityfocus.com/bid/103423

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/errata/RHSA-2018:3096

https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d

https://usn.ubuntu.com/4163-1/

https://usn.ubuntu.com/4163-2/

https://www.debian.org/security/2018/dsa-4187

Details

Source: MITRE

Published: 2018-03-15

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.15.9 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
139858 | Amazon Linux 2 : kernel (ALAS-2020-1480) | Nessus | Amazon Linux Local Security Checks | medium
131845 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353) | Nessus | Huawei Local Security Checks | critical
130152 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4163-1) | Nessus | Ubuntu Local Security Checks | critical
124828 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505) | Nessus | Huawei Local Security Checks | critical
121966 | Photon OS 2.0: Linux PHSA-2018-2.0-0072 | Nessus | PhotonOS Local Security Checks | high
121857 | Photon OS 1.0: Linux PHSA-2018-1.0-0161 | Nessus | PhotonOS Local Security Checks | medium
119187 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | high
118990 | CentOS 7 : kernel (CESA-2018:3083) | Nessus | CentOS Local Security Checks | high
118770 | Oracle Linux 7 : kernel (ELSA-2018-3083) | Nessus | Oracle Linux Local Security Checks | high
118528 | RHEL 7 : kernel-rt (RHSA-2018:3096) | Nessus | Red Hat Local Security Checks | high
118525 | RHEL 7 : kernel (RHSA-2018:3083) | Nessus | Red Hat Local Security Checks | high
111956 | Photon OS 2.0: Linux PHSA-2018-2.0-0072 (deprecated) | Nessus | PhotonOS Local Security Checks | medium
111943 | Photon OS 1.0: Linux PHSA-2018-1.0-0161 (deprecated) | Nessus | PhotonOS Local Security Checks | medium
109517 | Debian DSA-4187-1 : linux - security update (Spectre) | Nessus | Debian Local Security Checks | critical
109183 | Amazon Linux AMI : kernel (ALAS-2018-993) | Nessus | Amazon Linux Local Security Checks | medium
108677 | Fedora 27 : kernel (2018-e378863e47) | Nessus | Fedora Local Security Checks | medium
108673 | Fedora 26 : kernel (2018-ba39fc0e07) | Nessus | Fedora Local Security Checks | medium