CVE-2018-20855

CVSS v3.1 3.3 (Low)

CVSS v2.0 2.1 (Low)

EPSS 0.06 % (27^th)

Affected Products 6

Advisories 14

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-07-26 05:15:10
(5 years ago)
Updated Date: 2019-11-20 15:31:14
(4 years ago)

Affected Products

Linux

Linux Kernel

Netapp

Opensuse

Leap

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 4.18.7 version	cpe:2.3:o:linux:linux_kernel		< 4.18.7

Configuration #2

		CPE23	From	Up To
	Opensuse Leap 15.0	cpe:2.3:o:opensuse:leap:15.0
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1

Configuration #3

	CPE23	From
Netapp Active Iq Performance Analytics Services	cpe:2.3:a:netapp:active_iq_performance_analytics_services:-
Netapp Active Iq Unified Manager for Vmware Vsphere from 9.5 version	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere	>= 9.5
Netapp Data Availability Services	cpe:2.3:a:netapp:data_availability_services:-
Netapp Element Software	cpe:2.3:a:netapp:element_software:-