CVE-2018-20784

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 1.46 % (87^th)

Affected Products 4

Advisories 10

In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.

Weaknesses

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-02-22 15:29:00
(5 years ago)
Updated Date: 2021-06-02 15:28:24
(3 years ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Redhat

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.13 version and prior 4.14.93 version	cpe:2.3:o:linux:linux_kernel	>= 4.13	< 4.14.93
Linux Kernel from 4.19 version and prior 4.19.15 version	cpe:2.3:o:linux:linux_kernel	>= 4.19	< 4.19.15
Linux Kernel from 4.20 version and prior 4.20.2 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 4.20.2
Linux Kernel 5.0 Rc1	cpe:2.3:o:linux:linux_kernel:5.0:rc1

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts

Configuration #3

		CPE23	From	Up To
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux for Real Time 8	cpe:2.3:o:redhat:enterprise_linux_for_real_time:8