CVE-2018-12896

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.

References

https://bugzilla.kernel.org/show_bug.cgi?id=200189

https://github.com/lcytxw/bug_repro/tree/master/bug_200189

https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://usn.ubuntu.com/3847-1/

https://usn.ubuntu.com/3847-2/

https://usn.ubuntu.com/3847-3/

https://usn.ubuntu.com/3848-1/

https://usn.ubuntu.com/3848-2/

https://usn.ubuntu.com/3849-1/

https://usn.ubuntu.com/3849-2/

Details

Source: MITRE

Published: 2018-07-02

Updated: 2019-04-03

Type: CWE-190

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
131845EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)NessusHuawei Local Security Checks
critical
124975EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1522)NessusHuawei Local Security Checks
high
123420Debian DLA-1731-2 : linux regression update (Spectre)NessusDebian Local Security Checks
medium
123329openSUSE Security Update : the Linux Kernel (openSUSE-2019-769)NessusSuSE Local Security Checks
high
122879Debian DLA-1715-1 : linux-4.9 security update (Spectre)NessusDebian Local Security Checks
high
121505Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01)NessusSlackware Local Security Checks
high
120418Fedora 28 : kernel (2018-50075276e8)NessusFedora Local Security Checks
high
120118SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2980-1)NessusSuSE Local Security Checks
high
119832Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1)NessusUbuntu Local Security Checks
high
119831Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3848-2)NessusUbuntu Local Security Checks
critical
119830Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3848-1)NessusUbuntu Local Security Checks
critical
119829Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3847-3)NessusUbuntu Local Security Checks
high
119828Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3847-2)NessusUbuntu Local Security Checks
high
119827Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3847-1)NessusUbuntu Local Security Checks
high
118747SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3618-1)NessusSuSE Local Security Checks
high
118053Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4242) (Foreshadow)NessusOracle Linux Local Security Checks
high
118034SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3084-1)NessusSuSE Local Security Checks
high
118033SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3083-1)NessusSuSE Local Security Checks
high
117988openSUSE Security Update : the Linux Kernel (openSUSE-2018-1140)NessusSuSE Local Security Checks
high
117824SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)NessusSuSE Local Security Checks
high
117820SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2879-1)NessusSuSE Local Security Checks
high
117800SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2858-1)NessusSuSE Local Security Checks
high
117629SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)NessusSuSE Local Security Checks
high
117523openSUSE Security Update : the Linux Kernel (openSUSE-2018-1016)NessusSuSE Local Security Checks
high
111243Fedora 27 : kernel (2018-8484550fff)NessusFedora Local Security Checks
high