TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2018-5332

HIGH
7.8

Beschreibung

In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

CVE Details

CVSS v3.1 Bewertung7.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht1/11/2018
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

canonical:ubuntu_linuxdebian:debian_linuxlinux:linux_kernel

Schwachen (CWE)

CWE-787

Referenzen

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c(cve@mitre.org)
http://www.securityfocus.com/bid/102507(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2018:0470(cve@mitre.org)
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e(cve@mitre.org)
https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html(cve@mitre.org)
https://usn.ubuntu.com/3617-1/(cve@mitre.org)
https://usn.ubuntu.com/3617-2/(cve@mitre.org)
https://usn.ubuntu.com/3617-3/(cve@mitre.org)
https://usn.ubuntu.com/3619-1/(cve@mitre.org)
https://usn.ubuntu.com/3619-2/(cve@mitre.org)
https://usn.ubuntu.com/3620-1/(cve@mitre.org)
https://usn.ubuntu.com/3620-2/(cve@mitre.org)
https://usn.ubuntu.com/3632-1/(cve@mitre.org)
https://www.debian.org/security/2018/dsa-4187(cve@mitre.org)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/102507(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:0470(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3617-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3617-2/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3617-3/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3619-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3619-2/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3620-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3620-2/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3632-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4187(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.