1. Home
  2. Vulnerabilities
  3. CVE-2018-18559

CVE-2018-18559

CVSS v3.1 8.1 (High)
81% Progress
CVSS v2.0 6.8 (Medium)
68% Progress
EPSS 0.84 % (82th)
0.84% Progress
Affected Products 9
Advisories 4
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

Weaknesses
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-10-22 16:29:00
(5 years ago)
Updated Date
2023-05-16 11:14:50
(16 months ago)

Affected Products

Linux

Redhat

Configuration #1

    CPE23 From Up To
  Linux Kernel from 3.2.95 version and prior 3.2.100 version cpe:2.3:o:linux:linux_kernel >= 3.2.95 < 3.2.100
  Linux Kernel from 3.14.58 version and prior 3.15 version cpe:2.3:o:linux:linux_kernel >= 3.14.58 < 3.15
  Linux Kernel from 3.18.25 version and prior 3.18.88 version cpe:2.3:o:linux:linux_kernel >= 3.18.25 < 3.18.88
  Linux Kernel from 4.1.14 version and prior 4.1.49 version cpe:2.3:o:linux:linux_kernel >= 4.1.14 < 4.1.49
  Linux Kernel from 4.2.7 version and prior 4.3 version cpe:2.3:o:linux:linux_kernel >= 4.2.7 < 4.3
  Linux Kernel from 4.3.1 version and prior 4.4.106 version cpe:2.3:o:linux:linux_kernel >= 4.3.1 < 4.4.106
  Linux Kernel from 4.5 version and prior 4.9.70 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.70
  Linux Kernel from 4.10 version and prior 4.14.7 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.7

Configuration #2

    CPE23 From Up To
  Redhat Openshift Container Platform 3.11 cpe:2.3:a:redhat:openshift_container_platform:3.11
  Redhat Virtualization Host 4.0 cpe:2.3:a:redhat:virtualization_host:4.0
  Redhat Enterprise Linux Desktop 7.0 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  Redhat Enterprise Linux Server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0
  Redhat Enterprise Linux Server Aus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  Redhat Enterprise Linux Server Eus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  Redhat Enterprise Linux Server Tus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  Redhat Enterprise Linux Workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0