CVE-2018-18386

LOW

Description

drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348

https://access.redhat.com/errata/RHSA-2019:0831

https://bugzilla.suse.com/show_bug.cgi?id=1094825

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11

https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348

https://usn.ubuntu.com/3849-1/

https://usn.ubuntu.com/3849-2/

Details

Source: MITRE

Published: 2018-10-17

Updated: 2019-04-23

Type: CWE-704

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 1.8

Severity: LOW

Vulnerable Software

ID	Name	Product	Family	Severity
125283	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	SuSE Local Security Checks	high
124823	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1500)	Nessus	Huawei Local Security Checks	high
124257	RHEL 7 : kernel-alt (RHSA-2019:0831)	Nessus	Red Hat Local Security Checks	medium
123890	EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1204)	Nessus	Huawei Local Security Checks	high
123883	EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1197)	Nessus	Huawei Local Security Checks	high
123366	openSUSE Security Update : the Linux Kernel (openSUSE-2019-893)	Nessus	SuSE Local Security Checks	high
122343	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)	Nessus	SuSE Local Security Checks	high
122201	EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1028)	Nessus	Huawei Local Security Checks	high
122174	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1027)	Nessus	Huawei Local Security Checks	low
121468	SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)	Nessus	SuSE Local Security Checks	high
121208	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0095-1)	Nessus	SuSE Local Security Checks	high
120151	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:3589-1)	Nessus	SuSE Local Security Checks	high
119921	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1432)	Nessus	Huawei Local Security Checks	high
119832	Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1)	Nessus	Ubuntu Local Security Checks	high
119647	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:4069-1)	Nessus	SuSE Local Security Checks	high
119639	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4307)	Nessus	Oracle Linux Local Security Checks	high
119286	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3934-1)	Nessus	SuSE Local Security Checks	high
119077	openSUSE Security Update : the Linux Kernel (openSUSE-2018-1427)	Nessus	SuSE Local Security Checks	high
119033	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3787-1)	Nessus	SuSE Local Security Checks	high
119013	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3772-1)	Nessus	SuSE Local Security Checks	low
118952	SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3746-1)	Nessus	SuSE Local Security Checks	high
118882	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3689-1)	Nessus	SuSE Local Security Checks	high
118818	openSUSE Security Update : the Linux Kernel (openSUSE-2018-1342)	Nessus	SuSE Local Security Checks	high

CVE-2018-18386

LOW

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

medium

high

high

high

high

high

low

high

high

high

high

high

high

high

high

high

high

low

high

high

high