PT-2018-2347 · Linux+5 · Linux Kernel+5

Icytxw

Published

2018-07-01

Updated

2024-06-15

CVE-2018-13053

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.17.4

Description The issue is related to an integer overflow in the alarm timer nsleep function due to a large relative timeout. This overflow occurs because ktime add safe is not used, which can lead to a denial of service.

Recommendations For Linux kernel versions prior to 4.17.4, update to version 4.17.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the alarm timer nsleep function to minimize the risk of exploitation.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2018-1971

ALT-PU-2018-1976

ALT-PU-2019-1433

BDU:2019-00517

CESA-2019_2029

CVE-2018-13053

DLA-1715-1

DLA-1731-1

DLA-1731-2

OPENSUSE-SU-2018_2118-1

OPENSUSE-SU-2018_2119-1

OPENSUSE-SU-2024:10728-1

OPENSUSE-SU-2024:13704-1

RHSA-2019:0831

RHSA-2019:2029

RHSA-2019:2043

RHSA-2019_2029

RHSA-2019_2043

SUSE-SU-2018:2051-1

SUSE-SU-2018:2092-1

SUSE-SU-2018:2150-1

SUSE-SU-2018:2222-1

SUSE-SU-2018:2332-1

SUSE-SU-2018:2344-1

SUSE-SU-2018:2344-2

SUSE-SU-2018:2362-1

SUSE-SU-2018:2366-1

SUSE-SU-2018:2384-1

SUSE-SU-2018:2637-1

SUSE-SU-2018_2051-1

SUSE-SU-2018_2362-1

SUSE-SU-2018_2384-1

USN-3821-1

USN-3821-2

USN-4094-1

USN-4118-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2018-2347 · Linux+5 · Linux Kernel+5

CVE-2018-13053

Weakness Enumeration

Related Identifiers

Affected Products

References · 730