CVE-2018-5873

CVSS v3.1 7 (High)

CVSS v2.0 6.9 (Medium)

EPSS 0.06 % (28^th)

Affected Products 2

Advisories 1

An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05.

Weaknesses

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Qualcomm, Inc.
Published Date: 2018-07-06 19:29:01
(6 years ago)
Updated Date: 2023-07-19 00:53:53
(14 months ago)

Affected Products

Google

Android

Linux

Linux Kernel

Configuration #1

		CPE23	From	Up To
	Google Android	cpe:2.3:o:google:android:-

Configuration #2

	CPE23	From	Up To
Linux Kernel from 3.19 version and prior 4.1.50 version	cpe:2.3:o:linux:linux_kernel	>= 3.19	< 4.1.50
Linux Kernel from 4.2 version and prior 4.4.116 version	cpe:2.3:o:linux:linux_kernel	>= 4.2	< 4.4.116
Linux Kernel from 4.5 version and prior 4.9.82 version	cpe:2.3:o:linux:linux_kernel	>= 4.5	< 4.9.82
Linux Kernel from 4.10 version and prior 4.11 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.11