CVE-2018-18445

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.06 % (28^th)

Affected Products 8

Advisories 16

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

Weaknesses

CWE-125: Out-of-bounds Read

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-10-17 19:29:00
(6 years ago)
Updated Date: 2023-01-17 21:34:37
(20 months ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Redhat

Configuration #1

		CPE23	From	Up To
	Linux Kernel from 4.14.9 version and prior 4.14.75 version	cpe:2.3:o:linux:linux_kernel	>= 4.14.9	< 4.14.75
	Linux Kernel from 4.15 version and prior 4.18.13 version	cpe:2.3:o:linux:linux_kernel	>= 4.15	< 4.18.13

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 18.10	cpe:2.3:o:canonical:ubuntu_linux:18.10

Configuration #3

		CPE23	From	Up To
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Server 7.6	cpe:2.3:o:redhat:enterprise_linux_server:7.6
	Redhat Enterprise Linux Server Aus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
	Redhat Enterprise Linux Server Eus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
	Redhat Enterprise Linux Server Tus 7.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0