PT-2019-1545 · Linux+3 · Linux Kernel+3

Jason Wang

Publicado

2019-01-28

Atualizado

2023-07-19

CVE-2018-16880

CVSS v3.1

7.0

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions from v4.16 and newer

Description A flaw in the Linux kernel's handle rx() function in the vhost net driver can be exploited by a malicious virtual guest to trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host. This may lead to kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.

Recommendations For Linux kernel versions from v4.16 and newer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2019-1201

AZL-6518

BDU:2019-01069

CVE-2018-16880

OPENSUSE-SU-2019:1404-1

OPENSUSE-SU-2019_1404-1

SUSE-SU-2019:1240-1

SUSE-SU-2019:1241-1

SUSE-SU-2019:1242-1

SUSE-SU-2019:1244-1

SUSE-SU-2019:1550-1

SUSE-SU-2019:2430-1

USN-3903-1

USN-3903-2

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2019-1545 · Linux+3 · Linux Kernel+3

CVE-2018-16880

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 691