CVE-2018-16885

CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 80.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel THE Linux Foundation Kernel Redhat Enterprise Linux Server

Timeline

PublishedJan 3

Latest updateMay 14

Description

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5the_linux_foundation/kernel3.10.x as shipped with Red Hat Enterprise Linux 7

▶NVDlinux/linux_kernel3.10.0 — 3.10.90

▶NVDredhat/enterprise_linux_server7.0

▶Debianlinux< 3.16.2-1+3

🔴Vulnerability Details

GHSA

GHSA-cvhh-gmhx-mhv4: A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer lengt↗2022-05-14

▶

CVEList

CVE-2018-16885: A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer lengt↗2019-01-03

▶

OSV

CVE-2018-16885: A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer lengt↗2019-01-03

▶

📋Vendor Advisories

Red Hat

kernel: out-of-bound read in memcpy_fromiovecend()↗2018-12-21

▶

Debian

CVE-2018-16885: linux - A flaw was found in the Linux kernel that allows the userspace to call memcpy_fr...↗2018

▶

💬Community

Bugzilla

CVE-2018-16885 kernel: out-of-bound read in memcpy_fromiovecend()↗2018-12-21

▶