CVE-2018-5814 — Race Condition in Kernel

CWE-362 — Race Condition13 documents8 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 92.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Linux Foundation Linux Kernel Canonical Ubuntu Linux +1 more

Timeline

PublishedJun 12

Latest updateMay 14

Description

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel4.5 — 4.9.102+3

▶Debianlinux/linux_kernel< 4.16.12-1+3

▶CVEListV5linux_foundation/linux_kernelBefore version 4.16.11, 4.14.43, 4.9.102, and 4.4.133

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-6345-747p-2qjq: In the Linux Kernel before version 4↗2022-05-14

▶

CVEList

CVE-2018-5814: In the Linux Kernel before version 4↗2018-06-12

▶

OSV

CVE-2018-5814: In the Linux Kernel before version 4↗2018-06-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure, GCP, OEM) vulnerabilities↗2018-08-28

▶

Ubuntu

Linux kernel vulnerabilities↗2018-08-24

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2018-08-24

▶

Ubuntu

Linux kernel vulnerabilities↗2018-07-02

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2018-07-02

▶

💬Community

Bugzilla

CVE-2018-5814 kernel: Race condition errors in USB over IP functionality can cause denial of service [fedora-all]↗2018-06-07

▶

Bugzilla

CVE-2018-5814 kernel: Race condition errors in USB over IP functionality can cause denial of service↗2018-06-07

▶