PT-2018-17156 · Linux+5 · Linux Kernel+5

Jakub Jirasek

·

Published

2015-10-06

·

Updated

2019-03-27

·

CVE-2018-5803

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 4.15.8 Linux Kernel versions prior to 4.14.25 Linux Kernel versions prior to 4.9.87 Linux Kernel versions prior to 4.4.121 Linux Kernel versions prior to 4.1.51 Linux Kernel versions prior to 3.2.102
Description: The issue is related to an error in the sctp make chunk() function when handling SCTP packets length, which can be exploited to cause a kernel crash.
Recommendations: For versions prior to 4.15.8, update to version 4.15.8 or later. For versions prior to 4.14.25, update to version 4.14.25 or later. For versions prior to 4.9.87, update to version 4.9.87 or later. For versions prior to 4.4.121, update to version 4.4.121 or later. For versions prior to 4.1.51, update to version 4.1.51 or later. For versions prior to 3.2.102, update to version 3.2.102 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2015-1834
ALT-PU-2018-1407
ALT-PU-2018-1408
CESA-2018_1854
CESA-2018_3083
CVE-2018-5803
DLA-1369-1
DSA-4187-1
DSA-4188-1
OPENSUSE-SU-2018_1418-1
OPENSUSE-SU-2018_2119-1
RHSA-2018:1854
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018_1854
RHSA-2018_3083
RHSA-2018_3096
RHSA-2019:0641
SUSE-SU-2018:1366-1
SUSE-SU-2018:1761-1
SUSE-SU-2018:1762-1
SUSE-SU-2018:1816-1
SUSE-SU-2018:1855-1
SUSE-SU-2018:1855-2
SUSE-SU-2018:2092-1
SUSE-SU-2018:2332-1
SUSE-SU-2018:2366-1
SUSE-SU-2018:2637-1
USN-3654-1
USN-3654-2
USN-3656-1
USN-3697-1
USN-3697-2
USN-3698-1
USN-3698-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu