CVE-2018-1120
Published 2018-06-20
Priority P338 · medium · 5.3 (CVSS 3.0)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 7.29% (93.6th percentile)
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.16.12-1 (bookworm) | linux 4.16.12-1 (bookworm) |
| linux | linux_kernel | < 4.17 | 4.17 |
| linux | linux_kernel | >= 0 < 4.16.12-1 | 4.16.12-1 |
| linux | linux_kernel | >= 0 < 4.16.12-1 | 4.16.12-1 |
| linux | linux_kernel | >= 0 < 4.16.12-1 | 4.16.12-1 |
| linux | linux_kernel | >= 0 < 4.16.12-1 | 4.16.12-1 |
| linux | linux_kernel | >= 0 < 4.4.0-143.169 | 4.4.0-143.169 |
| linux | linux_kernel | >= 0 < 4.15.0-33.36 | 4.15.0-33.36 |
| paloalto | pan-os | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
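| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
| osv | | 5.5 | MEDIUM | |
| vendor_ubuntu | | 5.5 | MEDIUM | |
| vendor_debian | | 2.8 | LOW | |
| vendor_redhat | | 2.8 | LOW | |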
GHSA
GHSA-gq4w-28gq-c8cj: A flaw was found affecting the Linux kernel before version 4
ghsa_unreviewed·2022-05-13
CVE-2018-1120 [MEDIUM] CWE-119 GHSA-gq4w-28gq-c8cj: A flaw was found affecting the Linux kernel before version 4
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
osv·2019-03-15·CVSS 5.5
CVE-2017-18241 [MEDIUM] linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the f2fs filesystem implementation in the Linux
kernel did not handle the noflush_merge mount option correctly. An attacker
could use this to cause a denial of service (system crash).
(CVE-2017-18241)
It was discovered that the procfs filesystem did not properly handle
processes mapping some memory elements onto files. A local attacker could
use this to block utilities that examine the procfs filesystem to report
operating system state, such as ps(1). (CVE-2018-1120)
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver
in the Linux kernel did not properly validate metadata received from the
device. A physically proximate attacker could use this to cause a denial of
s
OSV
linux-lts-xenial, linux-aws vulnerabilities
osv·2019-03-15·CVSS 5.5
CVE-2017-18241 [MEDIUM] linux-lts-xenial, linux-aws vulnerabilities
USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that the f2fs filesystem implementation in the Linux
kernel did not handle the noflush_merge mount option correctly. An attacker
could use this to cause a denial of service (system crash).
(CVE-2017-18241)
It was discovered that the procfs filesystem did not properly handle
processes mapping some memory elements onto files. A local attacker could
use this to block utilities that examine the procfs filesystem to report
operating system state, such as ps(1). (CVE-2018-1120)
Hui Peng and Mathias Payer discovered that t
OSV
linux-azure, linux-oem, linux-gcp vulnerabilities
osv·2018-08-28·CVSS 5.5
CVE-2018-1000200 [MEDIUM] linux-azure, linux-oem, linux-gcp vulnerabilities
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate xattr information. An attacker could use
this to construct a malicious xfs image that, when mounted, could c
OSV
linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
osv·2018-08-24·CVSS 5.5
CVE-2018-1000200 [MEDIUM] linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate xattr information. An attacker could use
this to construct a malicious xfs image that, wh
OSV
linux-hwe vulnerabilities
osv·2018-08-24·CVSS 5.5
CVE-2018-10002 [MEDIUM] linux-hwe vulnerabilities
USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered tha
OSV
CVE-2018-1120: A flaw was found affecting the Linux kernel before version 4
osv·2018-06-20·CVSS 5.3
CVE-2018-1120 [MEDIUM] CVE-2018-1120: A flaw was found affecting the Linux kernel before version 4
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
Kernel
proc: do not access cmdline nor environ from file-backed areas
kernel_security·2018-05-11·CVSS 2.8
CVE-2018-1120 [LOW] proc: do not access cmdline nor environ from file-backed areas
proc_pid_cmdline_read() and environ_read() directly access the target
process' VM to retrieve the command line and environment. If this
process remaps these areas onto a file via mmap(), the requesting
process may experience various issues such as extra delays if the
underlying device is slow to respond.
Let's simply refuse to access file-backed areas in these functions.
For this we add a new FOLL_ANON gup flag that is passed to all calls
to access_remote_vm(). The code already takes care of such failures
(including unmapped areas). Accesses via /proc/pid/mem were not
changed though.
This was assigned CVE-2018-1120.
Note for stable backports: the patch may apply to kernels prior to 4.11
but silently miss one location; it mu
Palo Alto
PAN
vendor_paloalto·2020-07-08·CVSS 9.8
CVE-2013-7459 [CRITICAL] PAN
PAN
The Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have any security impact on PAN-OS or that the scenarios required for successful
CVEs: CVE-2013-7459, CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-16402, CVE-2020-11022, CVE-2020-11023, CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914
Affected products: PAN-OS
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2019-03-15·CVSS 5.5
CVE-2017-18241 [MEDIUM] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
It was discovered that the f2fs filesystem implementation in the Linux
kernel did not handle the noflush_merge mount option correctly. An attacker
could use this to cause a denial of service (system crash).
(CVE-2017-18241)
It was discovered that the procfs filesystem did not properly handle
processes mapping some memory elements onto files. A local attacker could
use this to block utilities that examine the procfs filesystem to report
operating system state, such
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2019-03-15·CVSS 5.5
CVE-2017-18241 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the f2fs filesystem implementation in the Linux
kernel did not handle the noflush_merge mount option correctly. An attacker
could use this to cause a denial of service (system crash).
(CVE-2017-18241)
It was discovered that the procfs filesystem did not properly handle
processes mapping some memory elements onto files. A local attacker could
use this to block utilities that examine the procfs filesystem to report
operating system state, such as ps(1). (CVE-2018-1120)
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver
in the Linux kernel did not properly validate metadata received from the
device. A physically proximate attacker could use t
Ubuntu
Linux kernel (Azure, GCP, OEM) vulnerabilities
vendor_ubuntu·2018-08-28·CVSS 5.5
CVE-2018-1000200 [MEDIUM] Linux kernel (Azure, GCP, OEM) vulnerabilities
Title: Linux kernel (Azure, GCP, OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate xattr information. An attacker could u
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-08-24·CVSS 5.5
CVE-2018-1000200 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate xattr information. An attacker could use
this to constru
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2018-08-24·CVSS 5.5
CVE-2018-1000200 [MEDIUM] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could
Red Hat
kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
vendor_redhat·2018-05-17·CVSS 2.8
CVE-2018-1120 [LOW] CWE-122 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
Debian
CVE-2018-1120: linux - A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a ...
vendor_debian·2018·CVSS 2.8
CVE-2018-1120 [LOW] CVE-2018-1120: linux - A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a ...
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
Scope: local
bookworm: resolved (fixed in 4.16.12-1)
bullseye: resolved (fixed in 4.16.12-1)
forky: resolved (fixed in 4.16.12-1)
sid: resolved (fixed in 4.16.12-1)
trixie: resolved (fixed in 4.16.12-1)
No detection rules found.
Bugzilla
CVE-2018-1120 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service [fedora-all]
bugzilla·2018-05-17·CVSS 2.8
CVE-2018-1120 [LOW] CVE-2018-1120 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this iss
Bugzilla
CVE-2018-1120 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
bugzilla·2018-05-07·CVSS 2.8
CVE-2018-1120 [LOW] CVE-2018-1120 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
External references:
http://seclists.org/oss-sec/2018/q2/122
An upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830
Discussion:
Acknowledgments:
Name: Qualys Research Labs
---
Created kernel tracking
http://seclists.org/oss-sec/2018/q2/122
http://www.securityfocus.com/bid/104229
https://access.redhat.com/errata/RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3096
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
https://security.gentoo.org/glsa/201805-14
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/
https://usn.ubuntu.com/3910-1/
https://usn.ubuntu.com/3910-2/
https://www.exploit-db.com/exploits/44806/