In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
http://www.securityfocus.com/bid/102503
https://access.redhat.com/errata/RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3096
https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
https://usn.ubuntu.com/3583-1/
https://usn.ubuntu.com/3583-2/
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-1/
Source: MITRE
Published: 2018-01-12
Updated: 2020-08-24
Type: CWE-362
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.14.13 (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
OR
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
127281 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074) | Nessus | NewStart CGSL Local Security Checks | critical |
127272 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070) | Nessus | NewStart CGSL Local Security Checks | critical |
124986 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533) | Nessus | Huawei Local Security Checks | high |
124834 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512) | Nessus | Huawei Local Security Checks | high |
121918 | Photon OS 2.0: Linux PHSA-2018-2.0-0016 | Nessus | PhotonOS Local Security Checks | high |
121807 | Photon OS 1.0: Linux PHSA-2018-1.0-0107 | Nessus | PhotonOS Local Security Checks | medium |
119187 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | high |
118990 | CentOS 7 : kernel (CESA-2018:3083) | Nessus | CentOS Local Security Checks | high |
118770 | Oracle Linux 7 : kernel (ELSA-2018-3083) | Nessus | Oracle Linux Local Security Checks | high |
118528 | RHEL 7 : kernel-rt (RHSA-2018:3096) | Nessus | Red Hat Local Security Checks | high |
118525 | RHEL 7 : kernel (RHSA-2018:3083) | Nessus | Red Hat Local Security Checks | high |
118513 | RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre) | Nessus | Red Hat Local Security Checks | high |
117544 | EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1235) | Nessus | Huawei Local Security Checks | medium |
111918 | Photon OS 1.0: Linux PHSA-2018-1.0-0107 (deprecated) | Nessus | PhotonOS Local Security Checks | medium |
111286 | Photon OS 2.0 : Linux / Postgresql / Binutils / Curl / Libtiff (PhotonOS-PHSA-2018-2.0-0016) (deprecated) | Nessus | PhotonOS Local Security Checks | high |
109316 | Ubuntu 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3632-1) | Nessus | Ubuntu Local Security Checks | high |
109127 | Amazon Linux 2 : kernel (ALAS-2018-956) (Dirty COW) (Spectre) | Nessus | Amazon Linux Local Security Checks | medium |
108878 | Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2) | Nessus | Ubuntu Local Security Checks | high |
108842 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1) | Nessus | Ubuntu Local Security Checks | high |
108840 | Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3) | Nessus | Ubuntu Local Security Checks | high |
108835 | Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2) | Nessus | Ubuntu Local Security Checks | high |
108834 | Ubuntu 17.10 : linux vulnerabilities (USN-3617-1) | Nessus | Ubuntu Local Security Checks | high |
108459 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1055) | Nessus | Huawei Local Security Checks | high |
107003 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-3583-1) (Meltdown) | Nessus | Ubuntu Local Security Checks | critical |
106933 | Amazon Linux AMI : kernel (ALAS-2018-956) (Dirty COW) (Spectre) | Nessus | Amazon Linux Local Security Checks | medium |
106588 | Virtuozzo 7 : readykernel-patch (VZA-2018-007) | Nessus | Virtuozzo Local Security Checks | medium |
106406 | EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1031) | Nessus | Huawei Local Security Checks | critical |
106280 | Fedora 26 : kernel (2018-8dc60a4feb) | Nessus | Fedora Local Security Checks | high |
106275 | Fedora 27 : kernel (2018-262eb7c289) | Nessus | Fedora Local Security Checks | high |