PT-2018-17156 · Linux+5 · Linux Kernel+5

Jakub Jirasek

·

Publicado

2015-10-06

·

Atualizado

2019-03-27

·

CVE-2018-5803

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.15.8 Linux Kernel versions prior to 4.14.25 Linux Kernel versions prior to 4.9.87 Linux Kernel versions prior to 4.4.121 Linux Kernel versions prior to 4.1.51 Linux Kernel versions prior to 3.2.102
Description: The issue is related to an error in the sctp make chunk() function when handling SCTP packets length, which can be exploited to cause a kernel crash.
Recommendations: For versions prior to 4.15.8, update to version 4.15.8 or later. For versions prior to 4.14.25, update to version 4.14.25 or later. For versions prior to 4.9.87, update to version 4.9.87 or later. For versions prior to 4.4.121, update to version 4.4.121 or later. For versions prior to 4.1.51, update to version 4.1.51 or later. For versions prior to 3.2.102, update to version 3.2.102 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2015-1834
ALT-PU-2018-1407
ALT-PU-2018-1408
CESA-2018_1854
CESA-2018_3083
CVE-2018-5803
DLA-1369-1
DSA-4187-1
DSA-4188-1
OPENSUSE-SU-2018_1418-1
OPENSUSE-SU-2018_2119-1
RHSA-2018:1854
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018_1854
RHSA-2018_3083
RHSA-2018_3096
RHSA-2019:0641
SUSE-SU-2018:1366-1
SUSE-SU-2018:1761-1
SUSE-SU-2018:1762-1
SUSE-SU-2018:1816-1
SUSE-SU-2018:1855-1
SUSE-SU-2018:1855-2
SUSE-SU-2018:2092-1
SUSE-SU-2018:2332-1
SUSE-SU-2018:2366-1
SUSE-SU-2018:2637-1
USN-3654-1
USN-3654-2
USN-3656-1
USN-3697-1
USN-3697-2
USN-3698-1
USN-3698-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu