PT-2018-2960 · Linux+3 · Linux Kernel+3
Paolo Abeni
+1
·
Publicado
2014-04-02
·
Atualizado
2023-02-13
·
CVE-2018-16885
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel version 3.10.x
Description
The issue is related to a flaw in the Linux kernel that allows userspace to call functions like
memcpy fromiovecend() with a zero offset and buffer length, causing a read beyond buffer boundaries. This can lead to a memory access fault and a system halt by accessing an invalid memory address. The exploitation of this issue may allow an attacker to cause a denial of service.Recommendations
For Linux kernel version 3.10.x, consider disabling the
memcpy fromiovecend() function as a temporary workaround until a patch is available. Restrict access to similar functions that may cause buffer boundary overflows to minimize the risk of exploitation.Exploit
Correção
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Linux Kernel
Red Hat