1. Home
  2. Vulnerabilities
  3. CVE-2018-16880

CVE-2018-16880

CVSS v3.1 7 (High)
70% Progress
CVSS v2.0 6.9 (Medium)
69% Progress
EPSS 0.06 % (28th)
0.06% Progress
Affected Products 2
Advisories 42
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.

Weaknesses
CWE-787
Out-of-bounds Write
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2019-01-29 16:29:00
(5 years ago)
Updated Date
2023-07-19 00:54:05
(14 months ago)

Affected Products

Canonical

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 4.16 version and prior 4.19.20 version cpe:2.3:o:linux:linux_kernel >= 4.16 < 4.19.20
  Linux Kernel from 4.20 version and prior 4.20.7 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 4.20.7

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 18.10 cpe:2.3:o:canonical:ubuntu_linux:18.10