CVE-2018-18386 — Incorrect Type Conversion or Cast in Kernel

CWE-704 — Incorrect Type Conversion or Cast CWE-843 — Type Confusion9 documents7 sources

Severity

3.3LOWNVD

OSV7.8

EPSS

0.0%

top 87.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux

Timeline

PublishedOct 17

Latest updateMay 14

Description

drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDlinux/linux_kernel< 4.14.11

▶Debianlinux/linux_kernel< 4.14.12-1+3

▶Ubuntulinux/linux_kernel< 3.13.0-164.214

▶debiandebian/linux< linux 4.14.12-1 (bookworm)

Also affects: Ubuntu Linux 12.04, 14.04

Patches

Patch: git.kernel.org ↗Patch: bugzilla.suse.com ↗Patch: cdn.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-j3hq-436j-w545: drivers/tty/n_tty↗2022-05-14

▶

OSV

linux vulnerabilities↗2018-12-20

▶

OSV

CVE-2018-18386: drivers/tty/n_tty↗2018-10-17

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2018-12-20

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2018-12-20

▶

Debian

CVE-2018-18386: linux - drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (w...↗2018

▶

Red Hat

kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service↗2017-12-20

▶

💬Community

Bugzilla

CVE-2018-18386 kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service↗2018-10-18

▶