CVE-2018-5803Improper Input Validation in Kernel

CWE-20Improper Input Validation15 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 74.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Linux KernelLinux Foundation Linux KernelDebian Linux+4 more
Timeline
PublishedJun 12
Latest updateMay 14

Description

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDlinux/linux_kernel3.34.1.51+4
Debianlinux/linux_kernel< 4.15.11-1+3
CVEListV5linux_foundation/linux_kernelBefore version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102.

Also affects: Debian Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-rw4x-j5hr-xcjv: In the Linux Kernel before version 42022-05-14
CVEList
CVE-2018-5803: In the Linux Kernel before version 42018-06-12
OSV
CVE-2018-5803: In the Linux Kernel before version 42018-06-12

📋Vendor Advisories

9
Ubuntu
Linux kernel vulnerabilities2018-07-02
Ubuntu
Linux kernel vulnerabilities2018-07-02
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2018-07-02
Ubuntu
Linux kernel (OEM) vulnerabilities2018-07-02
Ubuntu
Linux kernel vulnerabilities2018-05-22

💬Community

2
Bugzilla
CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service2018-03-02
Bugzilla
CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service [fedora-all]2018-03-02
CVE-2018-5803 — Improper Input Validation in Kernel | cvebase