PT-2018-17158 · Linux+3 · Linux Kernel+3

Jakub Jirasek

Publicado

2018-05-30

Atualizado

2019-05-20

CVE-2018-5814

CVSS v3.1

7.0

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.16.11 Linux Kernel versions prior to 4.14.43 Linux Kernel versions prior to 4.9.102 Linux Kernel versions prior to 4.4.133

Description: The issue is related to multiple race condition errors when handling probe, disconnect, and rebind operations. These errors can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.

Recommendations: For Linux Kernel versions prior to 4.16.11, update to version 4.16.11 or later. For Linux Kernel versions prior to 4.14.43, update to version 4.14.43 or later. For Linux Kernel versions prior to 4.9.102, update to version 4.9.102 or later. For Linux Kernel versions prior to 4.4.133, update to version 4.4.133 or later.

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

ALT-PU-2018-1817

ALT-PU-2018-1826

CVE-2018-5814

DLA-1422-1

DLA-1422-2

DLA-1423-1

OPENSUSE-SU-2019_1407-1

SUSE-SU-2018:2332-1

SUSE-SU-2018:2344-1

SUSE-SU-2018:2344-2

SUSE-SU-2018:2366-1

SUSE-SU-2018:2637-1

SUSE-SU-2019:1245-1

USN-3696-1

USN-3696-2

USN-3752-1

USN-3752-2

USN-3752-3

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2018-17158 · Linux+3 · Linux Kernel+3

CVE-2018-5814

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 229