PT-2018-2601 · Linux+5 · Linux Kernel+5

Zhipeng Xie

Publicado

2018-04-06

Atualizado

2023-08-16

CVE-2018-20784

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.20.2

Description The issue is related to the implementation of the update blocked averages() function in the Linux kernel, which can lead to an infinite loop due to an unreachable exit condition. This can be exploited by a remote attacker to cause a denial of service. The vulnerability is caused by the mishandling of leaf cfs rq's in the kernel/sched/fair.c file, allowing attackers to induce a high load and potentially have other unspecified impacts.

Recommendations For Linux kernel versions prior to 4.20.2, update to version 4.20.2 or later to resolve the issue. As a temporary workaround, consider restricting system load to minimize the risk of exploitation.

Correção

DoS

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

ALT-PU-2018-1557

ALT-PU-2019-1046

ALT-PU-2019-1048

ALT-PU-2019-1139

BDU:2019-01113

CESA-2019_1959

CESA-2019_1971

CVE-2018-20784

RHSA-2019:1959

RHSA-2019:1971

RHSA-2019_1959

RHSA-2019_1971

SUSE-SU-2022:2077-1

SUSE-SU-2022:2082-1

SUSE-SU-2023:2805-1

SUSE-SU-2023:3324-1

USN-4115-1

USN-4115-2

USN-4118-1

USN-4211-1

USN-4211-2

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2018-2601 · Linux+5 · Linux Kernel+5

CVE-2018-20784

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 287