CVE-2018-18559
published 2018-10-22CVE-2018-18559: In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.14.7-1 (bookworm) | linux 4.14.7-1 (bookworm) |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 0 < 4.14.7-1 | 4.14.7-1 |
| linux | linux_kernel | >= 3.14.58 < 3.15 | 3.15 |
| linux | linux_kernel | >= 3.18.25 < 3.18.88 | 3.18.88 |
| linux | linux_kernel | >= 3.2.95 < 3.2.100 | 3.2.100 |
| linux | linux_kernel | >= 4.1.14 < 4.1.49 | 4.1.49 |
| linux | linux_kernel | >= 4.10 < 4.14.7 | 4.14.7 |
| linux | linux_kernel | >= 4.2.7 < 4.3 | 4.3 |
| linux | linux_kernel | >= 4.3.1 < 4.4.106 | 4.4.106 |
| linux | linux_kernel | >= 4.5 < 4.9.70 | 4.9.70 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_eus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.1HIGH