ID CVE-2018-9568
Summary In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:virtualization:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:virtualization:4.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 10-09-2019 - 18:15)
Impact:
Exploitability:
CWE CWE-704
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2019:0512
  • rhsa
    id RHSA-2019:0514
rpms
  • bpftool-0:3.10.0-957.10.1.el7
  • kernel-0:3.10.0-957.10.1.el7
  • kernel-abi-whitelists-0:3.10.0-957.10.1.el7
  • kernel-bootwrapper-0:3.10.0-957.10.1.el7
  • kernel-debug-0:3.10.0-957.10.1.el7
  • kernel-debug-devel-0:3.10.0-957.10.1.el7
  • kernel-devel-0:3.10.0-957.10.1.el7
  • kernel-doc-0:3.10.0-957.10.1.el7
  • kernel-headers-0:3.10.0-957.10.1.el7
  • kernel-kdump-0:3.10.0-957.10.1.el7
  • kernel-kdump-devel-0:3.10.0-957.10.1.el7
  • kernel-tools-0:3.10.0-957.10.1.el7
  • kernel-tools-libs-0:3.10.0-957.10.1.el7
  • kernel-tools-libs-devel-0:3.10.0-957.10.1.el7
  • perf-0:3.10.0-957.10.1.el7
  • python-perf-0:3.10.0-957.10.1.el7
  • kernel-rt-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debug-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debug-devel-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-debug-kvm-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-devel-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-doc-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-kvm-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-trace-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-trace-devel-0:3.10.0-957.10.1.rt56.921.el7
  • kernel-rt-trace-kvm-0:3.10.0-957.10.1.rt56.921.el7
refmap via4
confirm https://source.android.com/security/bulletin/2018-12-01
ubuntu
  • USN-3880-1
  • USN-3880-2
Last major update 10-09-2019 - 18:15
Published 06-12-2018 - 14:29
Back to Top