CVE-2018-13053: Integer Overflow or Wraparound in Linux

Severity
NVD: 3.3 LOW
OSV: 5.5
EPSS: 0.0% (top 91.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 2
Latest update: Sep 15

Description

The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.8 | Impact: 1.4

Affected Packages (4 packages)

Debian: linux/linux_kernel < 4.18.20-1+3
Ubuntu: linux/linux_kernel < 4.4.0-139.165+1
NVD: linux/linux_kernel 4.17.3
debian: debian/linux < linux 4.18.20-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04

Patches

🔴 Vulnerability Details (6)

GHSA: GHSA-h7hx-58m7-w49m: The alarm_timer_nsleep function in kernel/time/alarmtimer (2022-05-14)
OSV: linux-aws vulnerabilities (2019-09-02)
OSV: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities (2019-08-13)
OSV: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (2018-11-14)
OSV: linux-lts-xenial, linux-aws vulnerabilities (2018-11-14)

📋 Vendor Advisories (6)

Ubuntu: Linux kernel (AWS) vulnerabilities (2019-09-02)
Ubuntu: Linux kernel vulnerabilities (2019-08-13)
Ubuntu: Linux kernel vulnerabilities (2018-11-14)
Ubuntu: Linux kernel (Xenial HWE) vulnerabilities (2018-11-14)
Red Hat: kernel: Integer overflow in the alarm_timer_nsleep function (2018-06-27)

📄 Research Papers (1)

arXiv: BULKHEAD: Secure, Scalable, and Efficient Kernel Compartmentalization with PKS (2024-09-15)

💬 Community (2)

Bugzilla: CVE-2018-13053 kernel: Integer overflow in the alarm_timer_nsleep function (2018-07-03)
Bugzilla: CVE-2018-13053 kernel: Integer overflow in the alarm_timer_nsleep function [fedora-all] (2018-07-03)