Vulnerability-Lookup

CVE-2018-10689 (GCVE-0-2018-10689)

Vulnerability from cvelistv5 – Published: 2018-05-03 07:00 – Updated: 2024-08-05 07:46

Summary

blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

6 references

URL	Tags
https://www.spinics.net/lists/linux-btrace/msg008…	x_refsource_MISC
http://www.securityfocus.com/bid/104142	vdb-entryx_refsource_BID
http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=…	x_refsource_MISC
https://git.kernel.org/pub/scm/linux/kernel/git/a…	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:2162	vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/202107-15	vendor-advisoryx_refsource_GENTOO

Date Public ?

2018-05-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:46.340Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/linux-btrace/msg00847.html"
          },
          {
            "name": "104142",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104142"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
          },
          {
            "name": "RHSA-2019:2162",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2162"
          },
          {
            "name": "GLSA-202107-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-08T06:06:34.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.spinics.net/lists/linux-btrace/msg00847.html"
        },
        {
          "name": "104142",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104142"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
        },
        {
          "name": "RHSA-2019:2162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2162"
        },
        {
          "name": "GLSA-202107-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10689",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.spinics.net/lists/linux-btrace/msg00847.html",
              "refsource": "MISC",
              "url": "https://www.spinics.net/lists/linux-btrace/msg00847.html"
            },
            {
              "name": "104142",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104142"
            },
            {
              "name": "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
              "refsource": "MISC",
              "url": "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
            },
            {
              "name": "RHSA-2019:2162",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2162"
            },
            {
              "name": "GLSA-202107-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10689",
    "datePublished": "2018-05-03T07:00:00.000Z",
    "dateReserved": "2018-05-03T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:46:46.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-10689",
      "date": "2026-05-22",
      "epss": "0.0015",
      "percentile": "0.35202"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:blktrace_project:blktrace:1.2.0:*:*:*:*:android:*:*\", \"matchCriteriaId\": \"227B5E24-DEEA-4DB2-A305-4E99BBA0575B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:blktrace_project:blktrace:1.2.0:*:*:*:*:linux:*:*\", \"matchCriteriaId\": \"D214C720-D7ED-4B68-8444-CAA0FFD7FC86\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.\"}, {\"lang\": \"es\", \"value\": \"blktrace (tambi\\u00e9n conocido como Block IO Tracing) 1.2.0, tal y como se emplea en el kernel de Linux y Android, tiene un desbordamiento de b\\u00fafer en la funci\\u00f3n dev_map_read en btt/devmap.c debido a que los arrays device y devno son demasiado peque\\u00f1os, tal y como queda demostrado con una liberaci\\u00f3n no v\\u00e1lida al emplear el programa btt con un archivo manipulado.\"}]",
      "id": "CVE-2018-10689",
      "lastModified": "2024-11-21T03:41:51.187",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-05-03T07:29:00.210",
      "references": "[{\"url\": \"http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/104142\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2162\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://security.gentoo.org/glsa/202107-15\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.spinics.net/lists/linux-btrace/msg00847.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/104142\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2162\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://security.gentoo.org/glsa/202107-15\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.spinics.net/lists/linux-btrace/msg00847.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-10689\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-05-03T07:29:00.210\",\"lastModified\":\"2024-11-21T03:41:51.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.\"},{\"lang\":\"es\",\"value\":\"blktrace (tambi\u00e9n conocido como Block IO Tracing) 1.2.0, tal y como se emplea en el kernel de Linux y Android, tiene un desbordamiento de b\u00fafer en la funci\u00f3n dev_map_read en btt/devmap.c debido a que los arrays device y devno son demasiado peque\u00f1os, tal y como queda demostrado con una liberaci\u00f3n no v\u00e1lida al emplear el programa btt con un archivo manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blktrace_project:blktrace:1.2.0:*:*:*:*:android:*:*\",\"matchCriteriaId\":\"227B5E24-DEEA-4DB2-A305-4E99BBA0575B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blktrace_project:blktrace:1.2.0:*:*:*:*:linux:*:*\",\"matchCriteriaId\":\"D214C720-D7ED-4B68-8444-CAA0FFD7FC86\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/104142\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2162\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.gentoo.org/glsa/202107-15\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.spinics.net/lists/linux-btrace/msg00847.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/104142\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.gentoo.org/glsa/202107-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.spinics.net/lists/linux-btrace/msg00847.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-916

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Contrail Networking versions antérieures à R22.3
Juniper Networks	N/A	Paragon Active Assurance (anciennement Netrounds) versions antérieures à 3.1.1
Juniper Networks	Junos Space	Junos Space versions antérieures à 22.2R1
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO
Juniper Networks	N/A	Contrail Networking versions antérieures à 2011.L5
Juniper Networks	N/A	Steel Belted Radius Carrier Edition versions antérieures à 8.6.0R16
Juniper Networks	Junos OS	Junos OS versions antérieures à 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1
Juniper Networks	Session Smart Router	Session Smart Router versions antérieures à 5.4.7
Juniper Networks	Session Smart Router	Session Smart Router versions 5.5.x antérieures à 5.5.3
Juniper Networks	N/A	Paragon Active Assurance (anciennement Netrounds) versions 3.2.x antérieures à 3.2.1

References

Title

Publication Time

CERTFR-2022-AVI-916

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Contrail Networking versions antérieures à R22.3
Juniper Networks	N/A	Paragon Active Assurance (anciennement Netrounds) versions antérieures à 3.1.1
Juniper Networks	Junos Space	Junos Space versions antérieures à 22.2R1
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO
Juniper Networks	N/A	Contrail Networking versions antérieures à 2011.L5
Juniper Networks	N/A	Steel Belted Radius Carrier Edition versions antérieures à 8.6.0R16
Juniper Networks	Junos OS	Junos OS versions antérieures à 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1
Juniper Networks	Session Smart Router	Session Smart Router versions antérieures à 5.4.7
Juniper Networks	Session Smart Router	Session Smart Router versions 5.5.x antérieures à 5.5.3
Juniper Networks	N/A	Paragon Active Assurance (anciennement Netrounds) versions 3.2.x antérieures à 3.2.1

References

Title

Publication Time

BDU:2021-00237

Vulnerability from fstec - Published: 02.05.2018

Title

Уязвимость функции dev_map_read утилиты для трассировки операций ввода-вывода Blktrace, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции dev_map_read (btt/devmap.c) утилиты для трассировки операций ввода-вывода Blktrace связана с выходом операции за допустимые границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor

ООО «РусБИТех-Астра», Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, Novell Inc.

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, OpenSUSE Leap, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, Blktrace

Software Version

1.5 «Смоленск» (Astra Linux Special Edition), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 15.0 (OpenSUSE Leap), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 8 (Debian GNU/Linux), 1.2.0 (Blktrace)

Possible Mitigations

Использование рекомендаций: Для Blktrace: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7 Для Astra Linux: https://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111 Для Debian: https://security-tracker.debian.org/tracker/CVE-2018-10689 Для продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2018-10689/ Для Ubuntu: https://ubuntu.com/security/CVE-2018-10689 Для продуктов Red Hat: https://access.redhat.com/security/cve/cve-2018-10689

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-10689 https://security-tracker.debian.org/tracker/CVE-2018-10689 https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7 https://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111 https://security-tracker.debian.org/tracker/CVE-2018-10689 https://www.suse.com/security/cve/CVE-2018-10689/ https://ubuntu.com/security/CVE-2018-10689 https://access.redhat.com/security/cve/cve-2018-10689

CWE

CWE-119, CWE-120

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 7 (Red Hat Enterprise Linux), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 15.0 (OpenSUSE Leap), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 8 (Debian GNU/Linux), 1.2.0 (Blktrace)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Blktrace:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\t\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2018-10689\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2018-10689/\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2018-10689\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat:\nhttps://access.redhat.com/security/cve/cve-2018-10689",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.05.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.01.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00237",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-10689",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, OpenSUSE Leap, Suse Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, Blktrace",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. Suse Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dev_map_read \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u0442\u0440\u0430\u0441\u0441\u0438\u0440\u043e\u0432\u043a\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0432\u0432\u043e\u0434\u0430-\u0432\u044b\u0432\u043e\u0434\u0430 Blktrace, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dev_map_read (btt/devmap.c) \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0434\u043b\u044f \u0442\u0440\u0430\u0441\u0441\u0438\u0440\u043e\u0432\u043a\u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0439 \u0432\u0432\u043e\u0434\u0430-\u0432\u044b\u0432\u043e\u0434\u0430 Blktrace \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2018-10689\nhttps://security-tracker.debian.org/tracker/CVE-2018-10689\nhttps://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7\t\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111\nhttps://security-tracker.debian.org/tracker/CVE-2018-10689\nhttps://www.suse.com/security/cve/CVE-2018-10689/\nhttps://ubuntu.com/security/CVE-2018-10689\nhttps://access.redhat.com/security/cve/cve-2018-10689",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-120",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CNVD-2018-10228

Vulnerability from cnvd - Published: 2018-05-23

Title

blktrace缓冲区溢出漏洞

Description

blktrace（又名Block IO Tracing）是一款基于Linux的用来收集磁盘中的IO信息的工具。 blktrace 1.2.0版本中的btt/devmap.c文件的‘dev_map_read’函数存在缓冲区溢出漏洞，该漏洞源于设备和devno的数组太小。当与Linux kernel或Android使用时，攻击者可利用该漏洞执行任意代码或造成拒绝服务。

Severity

低

Patch Name

blktrace缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://git.kernel.dk/?p=blktrace.git;a=patch;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-10689

Impacted products

Name
blktrace blktrace 1.2.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104142"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10689"
    }
  },
  "description": "blktrace\uff08\u53c8\u540dBlock IO Tracing\uff09\u662f\u4e00\u6b3e\u57fa\u4e8eLinux\u7684\u7528\u6765\u6536\u96c6\u78c1\u76d8\u4e2d\u7684IO\u4fe1\u606f\u7684\u5de5\u5177\u3002\r\n\r\nblktrace 1.2.0\u7248\u672c\u4e2d\u7684btt/devmap.c\u6587\u4ef6\u7684\u2018dev_map_read\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbe\u5907\u548cdevno\u7684\u6570\u7ec4\u592a\u5c0f\u3002\u5f53\u4e0eLinux kernel\u6216Android\u4f7f\u7528\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Herbo zhang",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://git.kernel.dk/?p=blktrace.git;a=patch;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10228",
  "openTime": "2018-05-23",
  "patchDescription": "blktrace\uff08\u53c8\u540dBlock IO Tracing\uff09\u662f\u4e00\u6b3e\u57fa\u4e8eLinux\u7684\u7528\u6765\u6536\u96c6\u78c1\u76d8\u4e2d\u7684IO\u4fe1\u606f\u7684\u5de5\u5177\u3002\r\n\r\nblktrace 1.2.0\u7248\u672c\u4e2d\u7684btt/devmap.c\u6587\u4ef6\u7684\u2018dev_map_read\u2019\u51fd\u6570\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbe\u5907\u548cdevno\u7684\u6570\u7ec4\u592a\u5c0f\u3002\u5f53\u4e0eLinux kernel\u6216Android\u4f7f\u7528\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "blktrace\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "blktrace blktrace 1.2.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-10689",
  "serverity": "\u4f4e",
  "submitTime": "2018-05-03",
  "title": "blktrace\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2018-10689

Vulnerability from fkie_nvd - Published: 2018-05-03 07:29 - Updated: 2024-11-21 03:41

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7
cve@mitre.org	http://www.securityfocus.com/bid/104142	Third Party Advisory, VDB Entry
cve@mitre.org	https://access.redhat.com/errata/RHSA-2019:2162
cve@mitre.org	https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7	Patch
cve@mitre.org	https://security.gentoo.org/glsa/202107-15
cve@mitre.org	https://www.spinics.net/lists/linux-btrace/msg00847.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104142	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:2162
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7	Patch
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-15
af854a3a-2127-422b-91ae-364da2661108	https://www.spinics.net/lists/linux-btrace/msg00847.html	Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	blktrace_project	blktrace	1.2.0
	blktrace_project	blktrace	1.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:blktrace_project:blktrace:1.2.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "227B5E24-DEEA-4DB2-A305-4E99BBA0575B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:blktrace_project:blktrace:1.2.0:*:*:*:*:linux:*:*",
              "matchCriteriaId": "D214C720-D7ED-4B68-8444-CAA0FFD7FC86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file."
    },
    {
      "lang": "es",
      "value": "blktrace (tambi\u00e9n conocido como Block IO Tracing) 1.2.0, tal y como se emplea en el kernel de Linux y Android, tiene un desbordamiento de b\u00fafer en la funci\u00f3n dev_map_read en btt/devmap.c debido a que los arrays device y devno son demasiado peque\u00f1os, tal y como queda demostrado con una liberaci\u00f3n no v\u00e1lida al emplear el programa btt con un archivo manipulado."
    }
  ],
  "id": "CVE-2018-10689",
  "lastModified": "2024-11-21T03:41:51.187",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-03T07:29:00.210",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104142"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://access.redhat.com/errata/RHSA-2019:2162"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202107-15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.spinics.net/lists/linux-btrace/msg00847.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.dk/?p=blktrace.git%3Ba=log%3Bh=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:2162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202107-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.spinics.net/lists/linux-btrace/msg00847.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PR22-23WP-22HM

Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-10689"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-03T07:29:00Z",
    "severity": "MODERATE"
  },
  "details": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.",
  "id": "GHSA-pr22-23wp-22hm",
  "modified": "2022-05-13T01:08:52Z",
  "published": "2022-05-13T01:08:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10689"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2162"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-15"
    },
    {
      "type": "WEB",
      "url": "https://www.spinics.net/lists/linux-btrace/msg00847.html"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104142"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-10689

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-10689

Aliases

CVE-2018-10689

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-10689",
    "description": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.",
    "id": "GSD-2018-10689",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-10689.html",
      "https://access.redhat.com/errata/RHSA-2019:2162",
      "https://alas.aws.amazon.com/cve/html/CVE-2018-10689.html",
      "https://linux.oracle.com/cve/CVE-2018-10689.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-10689"
      ],
      "details": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.",
      "id": "GSD-2018-10689",
      "modified": "2023-12-13T01:22:41.186997Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-10689",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.spinics.net/lists/linux-btrace/msg00847.html",
            "refsource": "MISC",
            "url": "https://www.spinics.net/lists/linux-btrace/msg00847.html"
          },
          {
            "name": "104142",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104142"
          },
          {
            "name": "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
            "refsource": "MISC",
            "url": "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
          },
          {
            "name": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
            "refsource": "MISC",
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
          },
          {
            "name": "RHSA-2019:2162",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:2162"
          },
          {
            "name": "GLSA-202107-15",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202107-15"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:blktrace_project:blktrace:1.2.0:*:*:*:*:android:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:blktrace_project:blktrace:1.2.0:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10689"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.spinics.net/lists/linux-btrace/msg00847.html",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://www.spinics.net/lists/linux-btrace/msg00847.html"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
            },
            {
              "name": "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
            },
            {
              "name": "104142",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104142"
            },
            {
              "name": "RHSA-2019:2162",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2019:2162"
            },
            {
              "name": "GLSA-202107-15",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202107-15"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-08T07:15Z",
      "publishedDate": "2018-05-03T07:29Z"
    }
  }
}

MSRC_CVE-2018-10689

Vulnerability from csaf_microsoft - Published: 2018-05-02 00:00 - Updated: 2021-12-16 00:00

Summary

blktrace (aka Block IO Tracing) 1.2.0 as used with the Linux kernel and Android has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small as demonstrated by an invalid free when using the btt program with a crafted file.

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2018-10689

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 16932-16820		—
Unresolved product id: 16933-17086		—

Known affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 16820-2		—	Vendor Fix fix
Unresolved product id: 17086-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2018/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2018/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2018-10689 blktrace (aka Block IO Tracing) 1.2.0 as used with the Linux kernel and Android has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small as demonstrated by an invalid free when using the btt program with a crafted file. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2018-10689.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "blktrace (aka Block IO Tracing) 1.2.0 as used with the Linux kernel and Android has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small as demonstrated by an invalid free when using the btt program with a crafted file.",
    "tracking": {
      "current_release_date": "2021-12-16T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T17:19:33.676Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2018-10689",
      "initial_release_date": "2018-05-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2020-08-18T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2021-12-16T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added blktrace to CBL-Mariner 2.0"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 blktrace 1.2.0-5",
                "product": {
                  "name": "\u003ccm1 blktrace 1.2.0-5",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 blktrace 1.2.0-5",
                "product": {
                  "name": "cm1 blktrace 1.2.0-5",
                  "product_id": "16932"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 blktrace 1.2.0-6",
                "product": {
                  "name": "\u003ccbl2 blktrace 1.2.0-6",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 blktrace 1.2.0-6",
                "product": {
                  "name": "cbl2 blktrace 1.2.0-6",
                  "product_id": "16933"
                }
              }
            ],
            "category": "product_name",
            "name": "blktrace"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 blktrace 1.2.0-5 as a component of CBL Mariner 1.0",
          "product_id": "16820-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 blktrace 1.2.0-5 as a component of CBL Mariner 1.0",
          "product_id": "16932-16820"
        },
        "product_reference": "16932",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 blktrace 1.2.0-6 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 blktrace 1.2.0-6 as a component of CBL Mariner 2.0",
          "product_id": "16933-17086"
        },
        "product_reference": "16933",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10689",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16932-16820",
          "16933-17086"
        ],
        "known_affected": [
          "16820-2",
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2018-10689 blktrace (aka Block IO Tracing) 1.2.0 as used with the Linux kernel and Android has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small as demonstrated by an invalid free when using the btt program with a crafted file. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2018-10689.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-08-18T00:00:00.000Z",
          "details": "1.2.0-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2020-08-18T00:00:00.000Z",
          "details": "1.2.0-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "16820-2",
            "17086-1"
          ]
        }
      ],
      "title": "blktrace (aka Block IO Tracing) 1.2.0 as used with the Linux kernel and Android has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small as demonstrated by an invalid free when using the btt program with a crafted file."
    }
  ]
}

OPENSUSE-SU-2019:1224-1

Vulnerability from csaf_opensuse - Published: 2019-04-17 13:29 - Updated: 2019-04-17 13:29

Summary

Security update for blktrace

Severity

Low

Notes

Title of the patch: Security update for blktrace

Description of the patch: This update for blktrace fixes the following issues: - CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because the device and devno arrays were too small (bsc#1091942) This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2019-1224

CVE-2018-10689

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 1 product

Product	Identifier	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1091942	self
https://www.suse.com/security/cve/CVE-2018-10689/	self
https://www.suse.com/security/cve/CVE-2018-10689	external
https://bugzilla.suse.com/1091942	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for blktrace",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for blktrace fixes the following issues:\n\n- CVE-2018-10689: Prevent buffer overflow in the dev_map_read function because\n  the device and devno arrays were too small (bsc#1091942)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1224",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1224-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1224-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4XVUCFZTA5I7REF7NZOJBBPLIGSBAHNW/#4XVUCFZTA5I7REF7NZOJBBPLIGSBAHNW"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1224-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4XVUCFZTA5I7REF7NZOJBBPLIGSBAHNW/#4XVUCFZTA5I7REF7NZOJBBPLIGSBAHNW"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091942",
        "url": "https://bugzilla.suse.com/1091942"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10689 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10689/"
      }
    ],
    "title": "Security update for blktrace",
    "tracking": {
      "current_release_date": "2019-04-17T13:29:33Z",
      "generator": {
        "date": "2019-04-17T13:29:33Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1224-1",
      "initial_release_date": "2019-04-17T13:29:33Z",
      "revision_history": [
        {
          "date": "2019-04-17T13:29:33Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64",
                "product": {
                  "name": "blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64",
                  "product_id": "blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64"
        },
        "product_reference": "blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10689",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10689"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10689",
          "url": "https://www.suse.com/security/cve/CVE-2018-10689"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091942 for CVE-2018-10689",
          "url": "https://bugzilla.suse.com/1091942"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:blktrace-1.1.0+git.20170126-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10689"
    }
  ]
}

RHSA-2019:2162

Vulnerability from csaf_redhat - Published: 2019-08-06 12:39 - Updated: 2026-01-13 22:15

Summary

Red Hat Security Advisory: blktrace security update

Severity

Low

Notes

Topic: An update for blktrace is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The blktrace packages contain a number of utilities to record the I/O trace information for the kernel to user space, and utilities to analyze and view the trace information. Security Fix(es): * blktrace: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2018-10689

4.8 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 36 products

Product	Version	Remediation
Unresolved product id: 7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64	—	Vendor Fix fix
Unresolved product id: 7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Client-7.7:blktrace-0:1.0.5-9.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Client-7.7:blktrace-0:1.0.5-9.el7.src	—	Vendor Fix fix
Unresolved product id: 7Client-7.7:blktrace-0:1.0.5-9.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64	—	Vendor Fix fix
Unresolved product id: 7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.src	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64	—	Vendor Fix fix
Unresolved product id: 7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-7.7:blktrace-0:1.0.5-9.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-7.7:blktrace-0:1.0.5-9.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-7.7:blktrace-0:1.0.5-9.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64	—	Vendor Fix fix
Unresolved product id: 7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.7:blktrace-0:1.0.5-9.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.7:blktrace-0:1.0.5-9.el7.src	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.7:blktrace-0:1.0.5-9.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x	—	Vendor Fix fix
Unresolved product id: 7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64	—	Vendor Fix fix

Threats

Impact Low

References

9 references

URL	Category
https://access.redhat.com/errata/RHSA-2019:2162	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1575119	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2018-10689	self
https://bugzilla.redhat.com/show_bug.cgi?id=1575119	external
https://www.cve.org/CVERecord?id=CVE-2018-10689	external
https://nvd.nist.gov/vuln/detail/CVE-2018-10689	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for blktrace is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The blktrace packages contain a number of utilities to record the I/O trace information for the kernel to user space, and utilities to analyze and view the trace information.\n\nSecurity Fix(es):\n\n* blktrace: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2019:2162",
        "url": "https://access.redhat.com/errata/RHSA-2019:2162"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
      },
      {
        "category": "external",
        "summary": "1575119",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575119"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2162.json"
      }
    ],
    "title": "Red Hat Security Advisory: blktrace security update",
    "tracking": {
      "current_release_date": "2026-01-13T22:15:05+00:00",
      "generator": {
        "date": "2026-01-13T22:15:05+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2019:2162",
      "initial_release_date": "2019-08-06T12:39:14+00:00",
      "revision_history": [
        {
          "date": "2019-08-06T12:39:14+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-08-06T12:39:14+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-13T22:15:05+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client (v. 7)",
                  "product_id": "7Client-7.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
                  "product_id": "7ComputeNode-7.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 7)",
                  "product_id": "7Server-7.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation (v. 7)",
                  "product_id": "7Workstation-7.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "blktrace-0:1.0.5-9.el7.x86_64",
                "product": {
                  "name": "blktrace-0:1.0.5-9.el7.x86_64",
                  "product_id": "blktrace-0:1.0.5-9.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/blktrace@1.0.5-9.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
                "product": {
                  "name": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
                  "product_id": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/blktrace-debuginfo@1.0.5-9.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "blktrace-0:1.0.5-9.el7.src",
                "product": {
                  "name": "blktrace-0:1.0.5-9.el7.src",
                  "product_id": "blktrace-0:1.0.5-9.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/blktrace@1.0.5-9.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "blktrace-0:1.0.5-9.el7.s390x",
                "product": {
                  "name": "blktrace-0:1.0.5-9.el7.s390x",
                  "product_id": "blktrace-0:1.0.5-9.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/blktrace@1.0.5-9.el7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "blktrace-debuginfo-0:1.0.5-9.el7.s390x",
                "product": {
                  "name": "blktrace-debuginfo-0:1.0.5-9.el7.s390x",
                  "product_id": "blktrace-debuginfo-0:1.0.5-9.el7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/blktrace-debuginfo@1.0.5-9.el7?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "blktrace-0:1.0.5-9.el7.ppc64",
                "product": {
                  "name": "blktrace-0:1.0.5-9.el7.ppc64",
                  "product_id": "blktrace-0:1.0.5-9.el7.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/blktrace@1.0.5-9.el7?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
                "product": {
                  "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
                  "product_id": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/blktrace-debuginfo@1.0.5-9.el7?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "blktrace-0:1.0.5-9.el7.ppc64le",
                "product": {
                  "name": "blktrace-0:1.0.5-9.el7.ppc64le",
                  "product_id": "blktrace-0:1.0.5-9.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/blktrace@1.0.5-9.el7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
                "product": {
                  "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
                  "product_id": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/blktrace-debuginfo@1.0.5-9.el7?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.ppc64",
        "relates_to_product_reference": "7Client-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64le"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.ppc64le",
        "relates_to_product_reference": "7Client-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.7:blktrace-0:1.0.5-9.el7.s390x"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.s390x",
        "relates_to_product_reference": "7Client-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.7:blktrace-0:1.0.5-9.el7.src"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.src",
        "relates_to_product_reference": "7Client-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.7:blktrace-0:1.0.5-9.el7.x86_64"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.x86_64",
        "relates_to_product_reference": "7Client-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
        "relates_to_product_reference": "7Client-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
        "relates_to_product_reference": "7Client-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.s390x",
        "relates_to_product_reference": "7Client-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
          "product_id": "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
        "relates_to_product_reference": "7Client-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.ppc64",
        "relates_to_product_reference": "7ComputeNode-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64le"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.ppc64le",
        "relates_to_product_reference": "7ComputeNode-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.s390x"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.s390x",
        "relates_to_product_reference": "7ComputeNode-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.src"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.src",
        "relates_to_product_reference": "7ComputeNode-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.x86_64"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
        "relates_to_product_reference": "7ComputeNode-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
        "relates_to_product_reference": "7ComputeNode-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.s390x as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.s390x",
        "relates_to_product_reference": "7ComputeNode-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64 as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
          "product_id": "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
        "relates_to_product_reference": "7ComputeNode-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.ppc64",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64le"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.ppc64le",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:blktrace-0:1.0.5-9.el7.s390x"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.s390x",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:blktrace-0:1.0.5-9.el7.src"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.src",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:blktrace-0:1.0.5-9.el7.x86_64"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.x86_64",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.s390x",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
          "product_id": "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
        "relates_to_product_reference": "7Server-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.ppc64",
        "relates_to_product_reference": "7Workstation-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64le"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.ppc64le",
        "relates_to_product_reference": "7Workstation-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.7:blktrace-0:1.0.5-9.el7.s390x"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.s390x",
        "relates_to_product_reference": "7Workstation-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.7:blktrace-0:1.0.5-9.el7.src"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.src",
        "relates_to_product_reference": "7Workstation-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-0:1.0.5-9.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.7:blktrace-0:1.0.5-9.el7.x86_64"
        },
        "product_reference": "blktrace-0:1.0.5-9.el7.x86_64",
        "relates_to_product_reference": "7Workstation-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
        "relates_to_product_reference": "7Workstation-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
        "relates_to_product_reference": "7Workstation-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.s390x",
        "relates_to_product_reference": "7Workstation-7.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
          "product_id": "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64"
        },
        "product_reference": "blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
        "relates_to_product_reference": "7Workstation-7.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-10689",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2018-05-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1575119"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "blktrace: buffer overflow in the dev_map_read function in btt/devmap.c",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64",
          "7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
          "7Client-7.7:blktrace-0:1.0.5-9.el7.s390x",
          "7Client-7.7:blktrace-0:1.0.5-9.el7.src",
          "7Client-7.7:blktrace-0:1.0.5-9.el7.x86_64",
          "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
          "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
          "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
          "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
          "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64",
          "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
          "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.s390x",
          "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.src",
          "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.x86_64",
          "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
          "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
          "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
          "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
          "7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64",
          "7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
          "7Server-7.7:blktrace-0:1.0.5-9.el7.s390x",
          "7Server-7.7:blktrace-0:1.0.5-9.el7.src",
          "7Server-7.7:blktrace-0:1.0.5-9.el7.x86_64",
          "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
          "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
          "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
          "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
          "7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64",
          "7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
          "7Workstation-7.7:blktrace-0:1.0.5-9.el7.s390x",
          "7Workstation-7.7:blktrace-0:1.0.5-9.el7.src",
          "7Workstation-7.7:blktrace-0:1.0.5-9.el7.x86_64",
          "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
          "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
          "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
          "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-10689"
        },
        {
          "category": "external",
          "summary": "RHBZ#1575119",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575119"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-10689",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-10689"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10689",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10689"
        }
      ],
      "release_date": "2018-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2019-08-06T12:39:14+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64",
            "7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
            "7Client-7.7:blktrace-0:1.0.5-9.el7.s390x",
            "7Client-7.7:blktrace-0:1.0.5-9.el7.src",
            "7Client-7.7:blktrace-0:1.0.5-9.el7.x86_64",
            "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
            "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
            "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
            "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.s390x",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.src",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.x86_64",
            "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
            "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
            "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
            "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.s390x",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.src",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.x86_64",
            "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
            "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
            "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
            "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.s390x",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.src",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.x86_64",
            "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
            "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
            "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
            "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2019:2162"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64",
            "7Client-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
            "7Client-7.7:blktrace-0:1.0.5-9.el7.s390x",
            "7Client-7.7:blktrace-0:1.0.5-9.el7.src",
            "7Client-7.7:blktrace-0:1.0.5-9.el7.x86_64",
            "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
            "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
            "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
            "7Client-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.s390x",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.src",
            "7ComputeNode-7.7:blktrace-0:1.0.5-9.el7.x86_64",
            "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
            "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
            "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
            "7ComputeNode-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.s390x",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.src",
            "7Server-7.7:blktrace-0:1.0.5-9.el7.x86_64",
            "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
            "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
            "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
            "7Server-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.ppc64le",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.s390x",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.src",
            "7Workstation-7.7:blktrace-0:1.0.5-9.el7.x86_64",
            "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64",
            "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.ppc64le",
            "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.s390x",
            "7Workstation-7.7:blktrace-debuginfo-0:1.0.5-9.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "blktrace: buffer overflow in the dev_map_read function in btt/devmap.c"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-10689 (GCVE-0-2018-10689)

Solution

Solution

Tags

Sightings

Nomenclature