PT-2018-17185 · Linux+3 · Linux Kernel+3

Published

2018-06-12

·

Updated

2023-02-21

·

CVE-2018-5848

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to the version that includes the fix for this issue
Description: The issue arises from improper handling of unsigned integer overflow in the wmi set ie() function's length validation code. This can lead to a buffer overflow when a large value is passed as the ie len argument. The problem affects all Android releases from CAF using the Linux Kernel.
Recommendations: For Linux Kernel versions prior to the version that includes the fix for this issue, as a temporary workaround, consider restricting the use of the wmi set ie() function until a patch is available. Avoid using large values for the ie len argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Buffer Overflow

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-190

Related Identifiers

CESA-2018_3083
CVE-2018-5848
DLA-1715-1
DLA-1731-1
DLA-1731-2
OPENSUSE-SU-2018_1773-1
OPENSUSE-SU-2018_2119-1
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018_3083
RHSA-2018_3096
SUSE-SU-2018:1761-1
SUSE-SU-2018:1762-1
SUSE-SU-2018:1772-1
SUSE-SU-2018:1816-1
SUSE-SU-2018:1855-1
SUSE-SU-2018:1855-2
SUSE-SU-2018:2092-1
SUSE-SU-2018:4127-1
SUSE-SU-2018:4153-1
SUSE-SU-2018:4157-1
SUSE-SU-2018:4195-1
SUSE-SU-2018:4208-1
SUSE-SU-2018:4238-1
SUSE-SU-2018_4127-1
SUSE-SU-2018_4153-1
SUSE-SU-2018_4157-1
SUSE-SU-2018_4195-1
SUSE-SU-2018_4238-1

Affected Products

Centos
Linux Kernel
Red Hat
Suse