CVE-2018-18559

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

References

https://access.redhat.com/errata/RHBA-2019:0327

https://access.redhat.com/errata/RHSA-2019:0163

https://access.redhat.com/errata/RHSA-2019:0188

https://access.redhat.com/errata/RHSA-2019:1170

https://access.redhat.com/errata/RHSA-2019:1190

https://blogs.securiteam.com/index.php/archives/3731

Details

Source: MITRE

Published: 2018-10-22

Updated: 2019-05-14

Type: CWE-362

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
133162RHEL 7 : kernel-alt (RHSA-2020:0174)NessusRed Hat Local Security Checks
high
131980RHEL 7 : kernel (RHSA-2019:4159)NessusRed Hat Local Security Checks
high
131375RHEL 7 : kernel (RHSA-2019:3967)NessusRed Hat Local Security Checks
high
129311F5 Networks BIG-IP : Linux kernel vulnerability (K28241423)NessusF5 Networks Local Security Checks
high
127243NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Vulnerability (NS-SA-2019-0055)NessusNewStart CGSL Local Security Checks
high
127240NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Vulnerability (NS-SA-2019-0053)NessusNewStart CGSL Local Security Checks
high
125192RHEL 6 : MRG (RHSA-2019:1190) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusRed Hat Local Security Checks
high
125039RHEL 7 : kernel (RHSA-2019:1170) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusRed Hat Local Security Checks
high
124977EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1524)NessusHuawei Local Security Checks
high
124834EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512)NessusHuawei Local Security Checks
high
124430EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1303)NessusHuawei Local Security Checks
high
123721EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)NessusHuawei Local Security Checks
high
123712EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)NessusHuawei Local Security Checks
high
123605EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1131)NessusHuawei Local Security Checks
medium
122837OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0009)NessusOracleVM Local Security Checks
high
122803Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4575)NessusOracle Linux Local Security Checks
high
122699EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076)NessusHuawei Local Security Checks
high
122611Virtuozzo 7 : OVMF / anaconda / anaconda-core / anaconda-dracut / etc (VZA-2019-013)NessusVirtuozzo Local Security Checks
high
121547CentOS 7 : kernel (CESA-2019:0163)NessusCentOS Local Security Checks
high
121496Oracle Linux 7 : kernel (ELSA-2019-0163)NessusOracle Linux Local Security Checks
high
121456Scientific Linux Security Update : kernel on SL7.x x86_64 (20190129)NessusScientific Linux Local Security Checks
high
121450RHEL 7 : kernel-rt (RHSA-2019:0188)NessusRed Hat Local Security Checks
high
121449RHEL 7 : kernel (RHSA-2019:0163)NessusRed Hat Local Security Checks
high
121099Virtuozzo 7 : readykernel-patch (VZA-2018-077)NessusVirtuozzo Local Security Checks
high