CVE-2018-8043NULL Pointer Dereference in Linux

CWE-476NULL Pointer DereferenceCWE-252Unchecked Return Value15 documents7 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.1%
top 76.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxCanonical Ubuntu Linux
Timeline
PublishedMar 10
Latest updateMay 14

Description

The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debianlinux/linux_kernel< 4.16.5-1+3
Ubuntulinux/linux_kernel< 4.4.0-119.143
NVDlinux/linux_kernel4.15.8
debiandebian/linux< linux 4.16.5-1 (bookworm)

Also affects: Ubuntu Linux 14.04, 16.04, 17.10

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

5
GHSA
GHSA-74vr-h68j-rmh2: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac2022-05-14
OSV
linux-azure vulnerabilities2018-04-24
OSV
linux-lts-xenial, linux-aws vulnerabilities2018-04-05
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2018-04-04
OSV
CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac2018-03-10

📋Vendor Advisories

7
Ubuntu
Linux kernel (HWE) vulnerability2018-04-24
Ubuntu
Linux kernel (Azure) vulnerabilities2018-04-24
Ubuntu
Linux kernel vulnerability2018-04-23
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2018-04-05
Ubuntu
Linux kernel vulnerabilities2018-04-04

💬Community

2
Bugzilla
CVE-2018-8043 kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service2018-03-12
Bugzilla
CVE-2018-8043 kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service [fedora-all]2018-03-12