7.8
CVE-2018-17182
- EPSS 2.5%
- Published 19.09.2018 09:29:00
- Last modified 21.11.2024 03:54:02
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.16 < 3.16.58
Linux ≫ Linux Kernel Version >= 3.17 < 3.18.123
Linux ≫ Linux Kernel Version >= 3.19 < 4.4.157
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.128
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.71
Linux ≫ Linux Kernel Version >= 4.15 < 4.18.9
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Netapp ≫ Active Iq Performance Analytics Services Version-
Netapp ≫ Element Software Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.5% | 0.848 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.