CVE-2018-18445

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681

https://access.redhat.com/errata/RHSA-2019:0512

https://access.redhat.com/errata/RHSA-2019:0514

https://bugs.chromium.org/p/project-zero/issues/detail?id=1686

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13

https://github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681

https://support.f5.com/csp/article/K38456756

https://usn.ubuntu.com/3832-1/

https://usn.ubuntu.com/3835-1/

https://usn.ubuntu.com/3847-1/

https://usn.ubuntu.com/3847-2/

https://usn.ubuntu.com/3847-3/

Details

Source: MITRE

Published: 2018-10-17

Updated: 2020-10-15

Type: CWE-125

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (16 total)

IDNameProductFamilySeverity
123366openSUSE Security Update : the Linux Kernel (openSUSE-2019-893)NessusSuSE Local Security Checks
high
122954CentOS 7 : kernel (CESA-2019:0512)NessusCentOS Local Security Checks
high
122887Scientific Linux Security Update : kernel on SL7.x x86_64 (20190314)NessusScientific Linux Local Security Checks
high
122864Oracle Linux 7 : kernel (ELSA-2019-0512)NessusOracle Linux Local Security Checks
high
122843RHEL 7 : kernel-rt (RHSA-2019:0514)NessusRed Hat Local Security Checks
high
122842RHEL 7 : kernel (RHSA-2019:0512)NessusRed Hat Local Security Checks
high
120151SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:3589-1)NessusSuSE Local Security Checks
high
119829Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3847-3)NessusUbuntu Local Security Checks
high
119828Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3847-2)NessusUbuntu Local Security Checks
high
119827Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3847-1)NessusUbuntu Local Security Checks
high
119647SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:4069-1)NessusSuSE Local Security Checks
high
119638Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4304)NessusOracle Linux Local Security Checks
high
119338Ubuntu 18.10 : linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3835-1)NessusUbuntu Local Security Checks
high
119302Ubuntu 18.10 : Linux kernel (AWS) vulnerabilities (USN-3832-1)NessusUbuntu Local Security Checks
high
119286SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3934-1)NessusSuSE Local Security Checks
high
118818openSUSE Security Update : the Linux Kernel (openSUSE-2018-1342)NessusSuSE Local Security Checks
high