PT-2019-1545 · Linux+3 · Linux Kernel+3

Jason Wang

Published

2019-01-28

Updated

2023-07-19

CVE-2018-16880

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions from v4.16 and newer

Description A flaw in the Linux kernel's handle rx() function in the vhost net driver can be exploited by a malicious virtual guest to trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host. This may lead to kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.

Recommendations For Linux kernel versions from v4.16 and newer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2019-1201

AZL-6518

BDU:2019-01069

CVE-2018-16880

OPENSUSE-SU-2019:1404-1

OPENSUSE-SU-2019_1404-1

SUSE-SU-2019:1240-1

SUSE-SU-2019:1241-1

SUSE-SU-2019:1242-1

SUSE-SU-2019:1244-1

SUSE-SU-2019:1550-1

SUSE-SU-2019:2430-1

USN-3903-1

USN-3903-2

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2019-1545 · Linux+3 · Linux Kernel+3

CVE-2018-16880

Weakness Enumeration

Related Identifiers

Affected Products

References · 691