CVE-2018-20784Infinite Loop in Kernel

CWE-835Infinite Loop15 documents8 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 32.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelCanonical Ubuntu LinuxRedhat Enterprise Linux+1 more
Timeline
PublishedFeb 22
Latest updateMay 13

Description

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel4.134.14.93+3
Debianlinux/linux_kernel< 4.19.16-1+3
Ubuntulinux/linux_kernel< 4.4.0-170.199

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 8.0, 8

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

6
GHSA
GHSA-qg2g-rfcv-qffx: In the Linux kernel before 42022-05-13
OSV
linux-lts-xenial, linux-aws vulnerabilities2019-12-03
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2019-12-03
OSV
linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities2019-09-02
OSV
CVE-2018-20784: In the Linux kernel before 42019-02-22

📋Vendor Advisories

6
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2019-12-03
Ubuntu
Linux kernel vulnerabilities2019-12-03
Ubuntu
Linux kernel (AWS) vulnerabilities2019-09-02
Ubuntu
Linux kernel vulnerabilities2019-09-02
Red Hat
kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service2018-12-28

💬Community

2
Bugzilla
CVE-2018-20784 kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service [fedora-all]2019-02-25
Bugzilla
CVE-2018-20784 kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service2019-02-25
CVE-2018-20784 — Infinite Loop in Linux Kernel | cvebase