CVE-2018-18386

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348

https://access.redhat.com/errata/RHSA-2019:0831

https://bugzilla.suse.com/show_bug.cgi?id=1094825

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11

https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348

https://usn.ubuntu.com/3849-1/

https://usn.ubuntu.com/3849-2/

Details

Source: MITRE

Published: 2018-10-17

Updated: 2019-04-23

Type: CWE-704

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 1.8

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
125283SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusSuSE Local Security Checks
high
124823EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1500)NessusHuawei Local Security Checks
high
124257RHEL 7 : kernel-alt (RHSA-2019:0831)NessusRed Hat Local Security Checks
high
123890EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1204)NessusHuawei Local Security Checks
high
123883EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1197)NessusHuawei Local Security Checks
high
123366openSUSE Security Update : the Linux Kernel (openSUSE-2019-893)NessusSuSE Local Security Checks
high
122343SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)NessusSuSE Local Security Checks
high
122201EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1028)NessusHuawei Local Security Checks
high
122174EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1027)NessusHuawei Local Security Checks
medium
121468SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)NessusSuSE Local Security Checks
high
121208SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0095-1)NessusSuSE Local Security Checks
high
120151SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:3589-1)NessusSuSE Local Security Checks
high
119921EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1432)NessusHuawei Local Security Checks
high
119832Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1)NessusUbuntu Local Security Checks
high
119647SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:4069-1)NessusSuSE Local Security Checks
high
119639Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4307)NessusOracle Linux Local Security Checks
medium
119286SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3934-1)NessusSuSE Local Security Checks
high
119077openSUSE Security Update : the Linux Kernel (openSUSE-2018-1427)NessusSuSE Local Security Checks
high
119033SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3787-1)NessusSuSE Local Security Checks
high
119013SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3772-1)NessusSuSE Local Security Checks
low
118952SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3746-1)NessusSuSE Local Security Checks
high
118882SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3689-1)NessusSuSE Local Security Checks
high
118818openSUSE Security Update : the Linux Kernel (openSUSE-2018-1342)NessusSuSE Local Security Checks
high