CVE-2018-1120

CVSS v3.0 5.3 (Medium)

CVSS v2.0 3.5 (Low)

EPSS 0.10 % (41^th)

Affected Products 7

Advisories 71

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2018-06-20 13:29:00
(6 years ago)
Updated Date: 2019-10-09 23:38:08
(5 years ago)

Affected Products

Redhat

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 4.17 version	cpe:2.3:o:linux:linux_kernel		< 4.17

Configuration #2

		CPE23	From	Up To
	Redhat Virtualization Host 4.0	cpe:2.3:a:redhat:virtualization_host:4.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #3

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #4

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts

Weaknesses

Affected Products

Canonical

Debian

Linux

Redhat

Configuration #1

Configuration #2

Configuration #3

Configuration #4