CVE-2018-18559

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.20

Description A use-after-free issue exists in the Linux kernel due to a race condition between fanout add from setsockopt and bind on an AF PACKET socket. This occurs because of an incomplete fix for a race condition, which mishandles a certain multithreaded case involving a packet do bind unregister action followed by a packet notifier register action. The issue allows an attacker to achieve Program Counter control. The vulnerability is related to errors in synchronization when using a shared resource, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Linux kernel versions prior to 4.20, update to a version that includes the complete fix for the race condition to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.