CVE-2018-12896 — Integer Overflow or Wraparound in Linux
Severity
5.5 MEDIUM (NVD)
OSV 9.8, OSV 7.8
EPSS
0.0%
top 90.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 2
Latest update: May 14
Description
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed…
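The following C program is an added illustration, not code from the kernel or from this advisory. It shows how an overrun count that exceeds INT_MAX becomes an arbitrary-looking value once stored in an int. The helper names, the sample timer values, and the saturating conversion shown for contrast are assumptions of this example; the int narrowing relies on the modulo 2^32 behaviour of gcc and clang.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: how many whole intervals were missed between the
 * programmed expiry and "now" (all values in nanoseconds). */
static int64_t missed_periods(int64_t expires_ns, int64_t now_ns,
                              int64_t interval_ns)
{
    if (interval_ns <= 0 || now_ns < expires_ns)
        return 0;
    return (now_ns - expires_ns) / interval_ns;
}

/* Int-based accounting: the 64-bit count is narrowed to int, so anything
 * above INT_MAX wraps (modulo 2^32 on gcc/clang) and loses its meaning. */
static int overrun_int_based(int64_t missed)
{
    return (int)(uint32_t)missed;
}

/* Saturating conversion (assumption of this example): report INT_MAX
 * instead of a wrapped value when the count does not fit. */
static int overrun_clamped(int64_t missed)
{
    return missed > INT_MAX ? INT_MAX : (int)missed;
}

int main(void)
{
    /* Constructed sample: 1 ns interval, delivery delayed by various amounts. */
    const int64_t delays_ns[] = { 10, 3000000000LL, 4294967301LL };

    for (size_t i = 0; i < sizeof(delays_ns) / sizeof(delays_ns[0]); i++) {
        int64_t missed = missed_periods(0, delays_ns[i], 1);
        printf("missed=%lld int_based=%d clamped=%d\n",
               (long long)missed, overrun_int_based(missed),
               overrun_clamped(missed));
    }
    return 0;
}
```

With the constructed inputs, a true count of 3000000000 is reported as a negative number and a count of 4294967301 is reported as 5, which is why a value read through timer_getoverrun(2) or si_overrun cannot be trusted on affected kernels.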
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 4 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04