CVE-2018-16880
Severity
7.0HIGH
EPSS
0.1%
top 72.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 29
Latest updateMay 14
Description
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9
Affected Packages3 packages
Also affects: Ubuntu Linux 18.04, 18.10
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-x3fm-32v3-x7hm: A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver↗2022-05-14
CVEList▶
CVE-2018-16880: A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver↗2019-01-29
OSV▶
CVE-2018-16880: A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver↗2019-01-29
📋Vendor Advisories
5Microsoft▶
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest under specific conditions can trigger an out-of-bounds write in a kmalloc-8 slab on a v↗2019-01-08
Debian▶
CVE-2018-16880: linux - A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] d...↗2018