CVE-2018-1000204

CVSS v3.0 5.3 (Medium)
CVSS v2.0 6.3 (Medium)
EPSS 0.14 % (51st)
Affected Products 3
Advisories 19
NVD Status Modified

Linux Kernel versions 3.18 to 4.16 incorrectly handle an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to userspace. This has already been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing chmod o+r+w /dev/sg* to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit."
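
An added example (not part of the CVE record or of the kernel project): a POSIX shell check for the two exposure conditions the description names, a kernel version in the 3.18 to 4.16 range and sg nodes opened to "other" as with chmod o+r+w /dev/sg*. The function names are hypothetical, and the version test compares major.minor only; distribution kernels may carry the fix as a backport, so a version match is a prompt to check the vendor advisory, not proof of exposure.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the CVE record.

# in_affected_range VERSION
# Returns 0 when VERSION's major.minor lies in 3.18..4.16 (the range given on
# this page), 1 when it lies outside, 2 when VERSION cannot be parsed.
# Assumption: only major.minor is compared; backported fixes are not detected.
in_affected_range() {
    ver=${1%%[!0-9.]*}            # "4.15.0-20-generic" -> "4.15.0"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$major.$minor" in
        .*|*.) return 2 ;;        # empty major or minor component
    esac
    n=$((major * 1000 + minor))
    [ "$n" -ge 3018 ] && [ "$n" -le 4016 ]
}

# audit_sg_nodes [DIR]
# Prints "MODE PATH" for every DIR/sg<N> entry that "other" can read or write
# (the state left behind by chmod o+r+w /dev/sg*). DIR defaults to /dev.
# Returns 1 if at least one such node exists, 0 otherwise.
# Only the permission bits are inspected, so the check also runs against a
# directory of ordinary files, which is how it can be tested without root.
audit_sg_nodes() {
    dir=${1:-/dev}
    found=0
    for node in "$dir"/sg[0-9]*; do
        [ -e "$node" ] || continue              # glob matched nothing
        mode=$(ls -ld "$node" | cut -c1-10)     # e.g. crw-rw-rw-
        other=$(printf '%s' "$mode" | cut -c8-9)  # r and w bits for "other"
        case $other in
            --) ;;                              # not accessible to other
            *)  printf '%s %s\n' "$mode" "$node"
                found=1 ;;
        esac
    done
    return "$found"
}
```

On a live host, call `in_affected_range "$(uname -r)"` and `audit_sg_nodes /dev`; any node the audit prints can be returned to the distribution's default mode and group.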

Weaknesses CWE-NVD-noinfo
CVE Status PUBLISHED
NVD Status Modified
CNA MITRE
Published Date 2018-06-26 14:29:02
Updated Date 2024-08-05 13:15:38

Affected Products

Configuration #1

    Product                                                      CPE23                          From      Up To
    Linux Kernel from 3.18 version and 4.16 and prior versions   cpe:2.3:o:linux:linux_kernel   >= 3.18   <= 4.16

Configuration #2

    Product                        CPE23                                           From   Up To
    Canonical Ubuntu Linux 14.04   cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
    Canonical Ubuntu Linux 16.04   cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
    Canonical Ubuntu Linux 18.04   cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
    Debian Linux 8.0               cpe:2.3:o:debian:debian_linux:8.0