Vulnerabilites related to Linux Foundation - Linux Kernel
cve-2012-0810
Vulnerability from cvelistv5
Published
2020-02-12 13:14
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux Foundation | Linux kernel |
Version: before 3.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:38:14.519Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=794557", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Linux kernel", vendor: "Linux Foundation", versions: [ { status: "affected", version: "before 3.3", }, ], }, ], datePublic: "2012-02-23T00:00:00", descriptions: [ { lang: "en", value: "The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.", }, ], problemTypes: [ { descriptions: [ { description: "Other", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-12T13:14:31", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=794557", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=e5d4e1c3ccee18c68f23d62ba77bda26e893d4f0", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-stable-rt.git/commit/?id=bcf6b1d78c0bde228929c388978ed3af9a623463", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-0810", datePublished: "2020-02-12T13:14:32", dateReserved: "2012-01-19T00:00:00", dateUpdated: "2024-08-06T18:38:14.519Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-5803
Vulnerability from cvelistv5
Published
2018-06-12 16:00
Modified
2024-08-05 05:47
Severity ?
EPSS score ?
Summary
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux Foundation | Linux Kernel |
Version: Before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102. |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:47:55.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "81331", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "https://secuniaresearch.flexerasoftware.com/advisories/81331/", }, { name: "RHSA-2018:3083", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3083", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25", }, { name: "DSA-4187", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4187", }, { name: "USN-3654-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3654-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51", }, { name: "RHSA-2018:1854", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:1854", }, { name: "USN-3697-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3697-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102", }, { name: "DSA-4188", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4188", }, { name: "[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.spinics.net/lists/netdev/msg482523.html", }, { name: "RHSA-2018:2948", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:2948", }, { name: "USN-3697-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3697-2/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c", }, { name: "[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.spinics.net/lists/linux-sctp/msg07036.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8", }, { name: "USN-3654-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3654-2/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121", }, { name: "USN-3698-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3698-1/", }, { name: "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html", }, { name: "USN-3656-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3656-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/", }, { name: "RHSA-2018:3096", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3096", }, { name: "USN-3698-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3698-2/", }, { name: "RHSA-2019:0641", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0641", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Linux Kernel", vendor: "Linux Foundation", versions: [ { status: "affected", version: "Before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102.", }, ], }, ], datePublic: "2018-02-28T00:00:00", descriptions: [ { lang: "en", value: "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-26T10:06:07", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { name: "81331", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "https://secuniaresearch.flexerasoftware.com/advisories/81331/", }, { name: "RHSA-2018:3083", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3083", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25", }, { name: "DSA-4187", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4187", }, { name: "USN-3654-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3654-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51", }, { name: "RHSA-2018:1854", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:1854", }, { name: "USN-3697-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3697-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102", }, { name: "DSA-4188", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4188", }, { name: "[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.spinics.net/lists/netdev/msg482523.html", }, { name: "RHSA-2018:2948", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:2948", }, { name: "USN-3697-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3697-2/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c", }, { name: "[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.spinics.net/lists/linux-sctp/msg07036.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8", }, { name: "USN-3654-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3654-2/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121", }, { name: "USN-3698-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3698-1/", }, { name: "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html", }, { name: "USN-3656-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3656-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/", }, { name: "RHSA-2018:3096", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3096", }, { name: "USN-3698-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3698-2/", }, { name: "RHSA-2019:0641", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0641", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2018-5803", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Linux Kernel", version: { version_data: [ { version_value: "Before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102.", }, ], }, }, ], }, vendor_name: "Linux Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "81331", refsource: "SECUNIA", url: "https://secuniaresearch.flexerasoftware.com/advisories/81331/", }, { name: "RHSA-2018:3083", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3083", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25", }, { name: "DSA-4187", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4187", }, { name: "USN-3654-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3654-1/", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51", }, { name: "RHSA-2018:1854", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:1854", }, { name: "USN-3697-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3697-1/", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102", }, { name: "DSA-4188", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4188", }, { name: "[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information", refsource: "MLIST", url: "https://www.spinics.net/lists/netdev/msg482523.html", }, { name: "RHSA-2018:2948", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2948", }, { name: "USN-3697-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3697-2/", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c", refsource: "CONFIRM", url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c", }, { name: "[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending", refsource: "MLIST", url: "https://www.spinics.net/lists/linux-sctp/msg07036.html", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8", }, { name: "USN-3654-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3654-2/", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121", }, { name: "USN-3698-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3698-1/", }, { name: "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html", }, { name: "USN-3656-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3656-1/", }, { name: "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/", refsource: "MISC", url: "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/", }, { name: "RHSA-2018:3096", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3096", }, { name: "USN-3698-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3698-2/", }, { name: "RHSA-2019:0641", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0641", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2018-5803", datePublished: "2018-06-12T16:00:00", dateReserved: "2018-01-19T00:00:00", dateUpdated: "2024-08-05T05:47:55.973Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-5814
Vulnerability from cvelistv5
Published
2018-06-12 16:00
Modified
2024-08-05 05:47
Severity ?
EPSS score ?
Summary
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux Foundation | Linux Kernel |
Version: Before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:47:55.989Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3752-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3752-2/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html", }, { name: "USN-3696-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3696-1/", }, { name: "USN-3752-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3752-3/", }, { name: "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11", }, { name: "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/", }, { name: "USN-3696-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3696-2/", }, { name: "1041050", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041050", }, { name: "81540", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "https://secuniaresearch.flexerasoftware.com/advisories/81540/", }, { name: "USN-3752-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3752-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e", }, { name: "openSUSE-SU-2019:1407", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Linux Kernel", vendor: "Linux Foundation", versions: [ { status: "affected", version: "Before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133", }, ], }, ], datePublic: "2018-05-30T00:00:00", descriptions: [ { lang: "en", value: "In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-20T14:06:09", orgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", shortName: "flexera", }, references: [ { name: "USN-3752-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3752-2/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html", }, { name: "USN-3696-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3696-1/", }, { name: "USN-3752-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3752-3/", }, { name: "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11", }, { name: "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102", }, { tags: [ "x_refsource_MISC", ], url: "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/", }, { name: "USN-3696-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3696-2/", }, { name: "1041050", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041050", }, { name: "81540", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "https://secuniaresearch.flexerasoftware.com/advisories/81540/", }, { name: "USN-3752-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3752-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e", }, { name: "openSUSE-SU-2019:1407", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "PSIRT-CNA@flexerasoftware.com", ID: "CVE-2018-5814", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Linux Kernel", version: { version_data: [ { version_value: "Before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133", }, ], }, }, ], }, vendor_name: "Linux Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "USN-3752-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3752-2/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html", }, { name: "USN-3696-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3696-1/", }, { name: "USN-3752-3", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3752-3/", }, { name: "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11", }, { name: "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102", }, { name: "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/", refsource: "MISC", url: "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/", }, { name: "USN-3696-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3696-2/", }, { name: "1041050", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041050", }, { name: "81540", refsource: "SECUNIA", url: "https://secuniaresearch.flexerasoftware.com/advisories/81540/", }, { name: "USN-3752-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3752-1/", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7", refsource: "CONFIRM", url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e", refsource: "CONFIRM", url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e", }, { name: "openSUSE-SU-2019:1407", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "44d08088-2bea-4760-83a6-1e9be26b15ab", assignerShortName: "flexera", cveId: "CVE-2018-5814", datePublished: "2018-06-12T16:00:00", dateReserved: "2018-01-19T00:00:00", dateUpdated: "2024-08-05T05:47:55.989Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }