Vulnerabilites related to Linux Foundation - Linux Kernel
CVE-2018-5803 (GCVE-0-2018-5803)
Vulnerability from cvelistv5
Published
2018-06-12 16:00
Modified
2024-08-05 05:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux Foundation | Linux Kernel |
Version: Before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:55.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81331",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81331/"
},
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25"
},
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3654-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "USN-3697-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3697-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102"
},
{
"name": "DSA-4188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.spinics.net/lists/netdev/msg482523.html"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3697-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3697-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c"
},
{
"name": "[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.spinics.net/lists/linux-sctp/msg07036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8"
},
{
"name": "USN-3654-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121"
},
{
"name": "USN-3698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3698-1/"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "USN-3656-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3656-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3698-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3698-2/"
},
{
"name": "RHSA-2019:0641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux Kernel",
"vendor": "Linux Foundation",
"versions": [
{
"status": "affected",
"version": "Before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102."
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T10:06:07",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "81331",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81331/"
},
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25"
},
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3654-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "USN-3697-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3697-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102"
},
{
"name": "DSA-4188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.spinics.net/lists/netdev/msg482523.html"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3697-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3697-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c"
},
{
"name": "[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.spinics.net/lists/linux-sctp/msg07036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8"
},
{
"name": "USN-3654-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121"
},
{
"name": "USN-3698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3698-1/"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "USN-3656-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3656-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3698-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3698-2/"
},
{
"name": "RHSA-2019:0641",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2018-5803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "Before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102."
}
]
}
}
]
},
"vendor_name": "Linux Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81331",
"refsource": "SECUNIA",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81331/"
},
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25"
},
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3654-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "USN-3697-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3697-1/"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information",
"refsource": "MLIST",
"url": "https://www.spinics.net/lists/netdev/msg482523.html"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3697-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3697-2/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c"
},
{
"name": "[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending",
"refsource": "MLIST",
"url": "https://www.spinics.net/lists/linux-sctp/msg07036.html"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8"
},
{
"name": "USN-3654-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121"
},
{
"name": "USN-3698-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-1/"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "USN-3656-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3656-1/"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3698-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-2/"
},
{
"name": "RHSA-2019:0641",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2018-5803",
"datePublished": "2018-06-12T16:00:00",
"dateReserved": "2018-01-19T00:00:00",
"dateUpdated": "2024-08-05T05:47:55.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0810 (GCVE-0-2012-0810)
Vulnerability from cvelistv5
Published
2020-02-12 13:14
Modified
2024-08-06 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux Foundation | Linux kernel |
Version: before 3.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794557"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux kernel",
"vendor": "Linux Foundation",
"versions": [
{
"status": "affected",
"version": "before 3.3"
}
]
}
],
"datePublic": "2012-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T13:14:31",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794557"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0810",
"datePublished": "2020-02-12T13:14:32",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5814 (GCVE-0-2018-5814)
Vulnerability from cvelistv5
Published
2018-06-12 16:00
Modified
2024-08-05 05:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux Foundation | Linux Kernel |
Version: Before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:55.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3752-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "USN-3696-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3696-1/"
},
{
"name": "USN-3752-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/"
},
{
"name": "USN-3696-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3696-2/"
},
{
"name": "1041050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041050"
},
{
"name": "81540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81540/"
},
{
"name": "USN-3752-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e"
},
{
"name": "openSUSE-SU-2019:1407",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux Kernel",
"vendor": "Linux Foundation",
"versions": [
{
"status": "affected",
"version": "Before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T14:06:09",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "USN-3752-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "USN-3696-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3696-1/"
},
{
"name": "USN-3752-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/"
},
{
"name": "USN-3696-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3696-2/"
},
{
"name": "1041050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041050"
},
{
"name": "81540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81540/"
},
{
"name": "USN-3752-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e"
},
{
"name": "openSUSE-SU-2019:1407",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2018-5814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "Before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133"
}
]
}
}
]
},
"vendor_name": "Linux Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"name": "USN-3696-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-1/"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11"
},
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102",
"refsource": "CONFIRM",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/"
},
{
"name": "USN-3696-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-2/"
},
{
"name": "1041050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041050"
},
{
"name": "81540",
"refsource": "SECUNIA",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81540/"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e"
},
{
"name": "openSUSE-SU-2019:1407",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2018-5814",
"datePublished": "2018-06-12T16:00:00",
"dateReserved": "2018-01-19T00:00:00",
"dateUpdated": "2024-08-05T05:47:55.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}