Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for kernel: by [UNKNOWN]

    CVE-2018-16884 (GCVE-0-2018-16884)

    Vulnerability from nvd – Published: 2018-12-18 22:00 – Updated: 2024-08-05 10:32
    VLAI
    Summary
    A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/106253 vdb-entryx_refsource_BID
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3932-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3932-2/ vendor-advisoryx_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3981-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3980-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3980-2/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3981-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:1873 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:1891 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2696 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2730 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3309 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3517 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0204 vendor-advisoryx_refsource_REDHAT
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    https://patchwork.kernel.org/patch/10733769/ x_refsource_CONFIRM
    https://patchwork.kernel.org/cover/10733767/ x_refsource_CONFIRM
    https://support.f5.com/csp/article/K21430012 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: n/a
    Create a notification for this product.
    Date Public
    2018-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:32:54.149Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106253",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106253"
              },
              {
                "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
              },
              {
                "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
              },
              {
                "name": "USN-3932-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3932-1/"
              },
              {
                "name": "USN-3932-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3932-2/"
              },
              {
                "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
              },
              {
                "name": "USN-3981-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3981-1/"
              },
              {
                "name": "USN-3980-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3980-1/"
              },
              {
                "name": "USN-3980-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3980-2/"
              },
              {
                "name": "USN-3981-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3981-2/"
              },
              {
                "name": "RHSA-2019:1873",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1873"
              },
              {
                "name": "RHSA-2019:1891",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1891"
              },
              {
                "name": "RHSA-2019:2696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2696"
              },
              {
                "name": "RHSA-2019:2730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2730"
              },
              {
                "name": "RHSA-2019:3309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3309"
              },
              {
                "name": "RHSA-2019:3517",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3517"
              },
              {
                "name": "RHSA-2020:0204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0204"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchwork.kernel.org/patch/10733769/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchwork.kernel.org/cover/10733767/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K21430012"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-14T17:20:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "106253",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106253"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "USN-3932-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3932-1/"
            },
            {
              "name": "USN-3932-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3932-2/"
            },
            {
              "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
            },
            {
              "name": "USN-3981-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3981-1/"
            },
            {
              "name": "USN-3980-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3980-1/"
            },
            {
              "name": "USN-3980-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3980-2/"
            },
            {
              "name": "USN-3981-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3981-2/"
            },
            {
              "name": "RHSA-2019:1873",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1873"
            },
            {
              "name": "RHSA-2019:1891",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1891"
            },
            {
              "name": "RHSA-2019:2696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2696"
            },
            {
              "name": "RHSA-2019:2730",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2730"
            },
            {
              "name": "RHSA-2019:3309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3309"
            },
            {
              "name": "RHSA-2019:3517",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3517"
            },
            {
              "name": "RHSA-2020:0204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0204"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchwork.kernel.org/patch/10733769/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchwork.kernel.org/cover/10733767/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K21430012"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-16884",
        "datePublished": "2018-12-18T22:00:00.000Z",
        "dateReserved": "2018-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:32:54.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16862 (GCVE-0-2018-16862)

    Vulnerability from nvd – Published: 2018-11-26 19:00 – Updated: 2024-08-05 10:32
    VLAI
    Summary
    A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/106009 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3879-2/ vendor-advisoryx_refsource_UBUNTU
    https://seclists.org/oss-sec/2018/q4/169 mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3879-1/ vendor-advisoryx_refsource_UBUNTU
    https://lore.kernel.org/patchwork/patch/1011367/ x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4094-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4118-1/ vendor-advisoryx_refsource_UBUNTU
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: n/a
    Create a notification for this product.
    Date Public
    2018-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:32:54.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106009",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106009"
              },
              {
                "name": "USN-3879-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3879-2/"
              },
              {
                "name": "[oss-security] 20181123 CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://seclists.org/oss-sec/2018/q4/169"
              },
              {
                "name": "USN-3879-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3879-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lore.kernel.org/patchwork/patch/1011367/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862"
              },
              {
                "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
              },
              {
                "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
              },
              {
                "name": "USN-4094-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4094-1/"
              },
              {
                "name": "USN-4118-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4118-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-02T23:06:12.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "106009",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106009"
            },
            {
              "name": "USN-3879-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3879-2/"
            },
            {
              "name": "[oss-security] 20181123 CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://seclists.org/oss-sec/2018/q4/169"
            },
            {
              "name": "USN-3879-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3879-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lore.kernel.org/patchwork/patch/1011367/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "USN-4094-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4094-1/"
            },
            {
              "name": "USN-4118-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4118-1/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-16862",
        "datePublished": "2018-11-26T19:00:00.000Z",
        "dateReserved": "2018-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:32:54.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14646 (GCVE-0-2018-14646)

    Vulnerability from nvd – Published: 2018-11-26 19:00 – Updated: 2024-08-05 09:38
    VLAI
    Summary
    The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: 4.15-rc8
    Create a notification for this product.
    Date Public
    2018-11-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.102Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:3843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3843"
              },
              {
                "name": "RHSA-2018:3666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3666"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee"
              },
              {
                "name": "RHSA-2018:3651",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3651"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://marc.info/?l=linux-netdev\u0026m=151500466401174\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.15-rc8"
                }
              ]
            }
          ],
          "datePublic": "2018-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:3843",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3843"
            },
            {
              "name": "RHSA-2018:3666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3666"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee"
            },
            {
              "name": "RHSA-2018:3651",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3651"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://marc.info/?l=linux-netdev\u0026m=151500466401174\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2018-14646",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kernel:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.15-rc8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "[UNKNOWN]"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:3843",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3843"
                },
                {
                  "name": "RHSA-2018:3666",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3666"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee"
                },
                {
                  "name": "RHSA-2018:3651",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3651"
                },
                {
                  "name": "https://marc.info/?l=linux-netdev\u0026m=151500466401174\u0026w=2",
                  "refsource": "CONFIRM",
                  "url": "https://marc.info/?l=linux-netdev\u0026m=151500466401174\u0026w=2"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-14646",
        "datePublished": "2018-11-26T19:00:00.000Z",
        "dateReserved": "2018-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:38:13.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7518 (GCVE-0-2017-7518)

    Vulnerability from nvd – Published: 2018-07-30 13:00 – Updated: 2024-08-05 16:04
    VLAI
    Summary
    A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:0412 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/articles/3290921 x_refsource_CONFIRM
    https://usn.ubuntu.com/3619-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:0395 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3754-1/ vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1038782 vdb-entryx_refsource_SECTRACK
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2017/06/23/5 mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3619-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2017/dsa-3981 vendor-advisoryx_refsource_DEBIAN
    https://www.spinics.net/lists/kvm/msg151817.html mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/99263 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    [UNKNOWN] Kernel: Affected: 4.12
    Create a notification for this product.
    Date Public
    2017-06-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:0412",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0412"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/articles/3290921"
              },
              {
                "name": "USN-3619-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3619-2/"
              },
              {
                "name": "RHSA-2018:0395",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0395"
              },
              {
                "name": "USN-3754-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3754-1/"
              },
              {
                "name": "1038782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038782"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
              },
              {
                "name": "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2017/06/23/5"
              },
              {
                "name": "USN-3619-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3619-1/"
              },
              {
                "name": "DSA-3981",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-3981"
              },
              {
                "name": "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.spinics.net/lists/kvm/msg151817.html"
              },
              {
                "name": "99263",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.12"
                }
              ]
            }
          ],
          "datePublic": "2017-06-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-24T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:0412",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0412"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/articles/3290921"
            },
            {
              "name": "USN-3619-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "RHSA-2018:0395",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0395"
            },
            {
              "name": "USN-3754-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "1038782",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038782"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
            },
            {
              "name": "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/06/23/5"
            },
            {
              "name": "USN-3619-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "DSA-3981",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3981"
            },
            {
              "name": "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.spinics.net/lists/kvm/msg151817.html"
            },
            {
              "name": "99263",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-7518",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kernel:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "[UNKNOWN]"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-250"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:0412",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0412"
                },
                {
                  "name": "https://access.redhat.com/articles/3290921",
                  "refsource": "CONFIRM",
                  "url": "https://access.redhat.com/articles/3290921"
                },
                {
                  "name": "USN-3619-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3619-2/"
                },
                {
                  "name": "RHSA-2018:0395",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0395"
                },
                {
                  "name": "USN-3754-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3754-1/"
                },
                {
                  "name": "1038782",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038782"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
                },
                {
                  "name": "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2017/06/23/5"
                },
                {
                  "name": "USN-3619-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3619-1/"
                },
                {
                  "name": "DSA-3981",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-3981"
                },
                {
                  "name": "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
                  "refsource": "MLIST",
                  "url": "https://www.spinics.net/lists/kvm/msg151817.html"
                },
                {
                  "name": "99263",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7518",
        "datePublished": "2018-07-30T13:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:04:11.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7482 (GCVE-0-2017-7482)

    Vulnerability from nvd – Published: 2018-07-30 14:00 – Updated: 2024-08-05 16:04
    VLAI
    Summary
    In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/99299 vdb-entryx_refsource_BID
    https://git.kernel.org/pub/scm/linux/kernel/git/t… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038787 vdb-entryx_refsource_SECTRACK
    https://www.debian.org/security/2017/dsa-3927 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2017/dsa-3945 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    http://seclists.org/oss-sec/2017/q2/602 mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2019:0641 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: 4.12
    Create a notification for this product.
    Date Public
    2017-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.726Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99299",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99299"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
              },
              {
                "name": "1038787",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038787"
              },
              {
                "name": "DSA-3927",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-3927"
              },
              {
                "name": "DSA-3945",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-3945"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
              },
              {
                "name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2017/q2/602"
              },
              {
                "name": "RHSA-2019:0641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:0641"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.12"
                }
              ]
            }
          ],
          "datePublic": "2017-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T10:06:06.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "99299",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99299"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
            },
            {
              "name": "1038787",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038787"
            },
            {
              "name": "DSA-3927",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3927"
            },
            {
              "name": "DSA-3945",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3945"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
            },
            {
              "name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2017/q2/602"
            },
            {
              "name": "RHSA-2019:0641",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0641"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-7482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kernel:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "[UNKNOWN]"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.1/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99299",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99299"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
                },
                {
                  "name": "1038787",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038787"
                },
                {
                  "name": "DSA-3927",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-3927"
                },
                {
                  "name": "DSA-3945",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-3945"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
                },
                {
                  "name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2017/q2/602"
                },
                {
                  "name": "RHSA-2019:0641",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:0641"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7482",
        "datePublished": "2018-07-30T14:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:04:11.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10901 (GCVE-0-2018-10901)

    Vulnerability from nvd – Published: 2018-07-26 17:00 – Updated: 2024-08-05 07:54
    VLAI
    Summary
    A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: n/a
    Create a notification for this product.
    Date Public
    2010-08-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:35.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104905",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104905"
              },
              {
                "name": "RHSA-2018:2393",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2393"
              },
              {
                "name": "RHSA-2018:2390",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2390"
              },
              {
                "name": "RHSA-2018:2391",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2391"
              },
              {
                "name": "RHSA-2018:2392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2392"
              },
              {
                "name": "RHSA-2018:2394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2394"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Linux kernel\u0027s KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host\u0027s userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-15T02:22:56.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "104905",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104905"
            },
            {
              "name": "RHSA-2018:2393",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2393"
            },
            {
              "name": "RHSA-2018:2390",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "RHSA-2018:2391",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2391"
            },
            {
              "name": "RHSA-2018:2392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2392"
            },
            {
              "name": "RHSA-2018:2394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2018-10901",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kernel:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "[UNKNOWN]"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in Linux kernel\u0027s KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host\u0027s userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-665"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104905",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104905"
                },
                {
                  "name": "RHSA-2018:2393",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2393"
                },
                {
                  "name": "RHSA-2018:2390",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2390"
                },
                {
                  "name": "RHSA-2018:2391",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2391"
                },
                {
                  "name": "RHSA-2018:2392",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2392"
                },
                {
                  "name": "RHSA-2018:2394",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2394"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-10901",
        "datePublished": "2018-07-26T17:00:00.000Z",
        "dateReserved": "2018-05-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:54:35.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16884 (GCVE-0-2018-16884)

    Vulnerability from cvelistv5 – Published: 2018-12-18 22:00 – Updated: 2024-08-05 10:32
    VLAI
    Summary
    A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/106253 vdb-entryx_refsource_BID
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3932-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3932-2/ vendor-advisoryx_refsource_UBUNTU
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3981-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3980-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3980-2/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/3981-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2019:1873 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:1891 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2696 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2730 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3309 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3517 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0204 vendor-advisoryx_refsource_REDHAT
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    https://patchwork.kernel.org/patch/10733769/ x_refsource_CONFIRM
    https://patchwork.kernel.org/cover/10733767/ x_refsource_CONFIRM
    https://support.f5.com/csp/article/K21430012 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: n/a
    Create a notification for this product.
    Date Public
    2018-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:32:54.149Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106253",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106253"
              },
              {
                "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
              },
              {
                "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
              },
              {
                "name": "USN-3932-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3932-1/"
              },
              {
                "name": "USN-3932-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3932-2/"
              },
              {
                "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
              },
              {
                "name": "USN-3981-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3981-1/"
              },
              {
                "name": "USN-3980-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3980-1/"
              },
              {
                "name": "USN-3980-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3980-2/"
              },
              {
                "name": "USN-3981-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3981-2/"
              },
              {
                "name": "RHSA-2019:1873",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1873"
              },
              {
                "name": "RHSA-2019:1891",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1891"
              },
              {
                "name": "RHSA-2019:2696",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2696"
              },
              {
                "name": "RHSA-2019:2730",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2730"
              },
              {
                "name": "RHSA-2019:3309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3309"
              },
              {
                "name": "RHSA-2019:3517",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3517"
              },
              {
                "name": "RHSA-2020:0204",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0204"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchwork.kernel.org/patch/10733769/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchwork.kernel.org/cover/10733767/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K21430012"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel\u0027s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-14T17:20:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "106253",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106253"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "USN-3932-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3932-1/"
            },
            {
              "name": "USN-3932-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3932-2/"
            },
            {
              "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
            },
            {
              "name": "USN-3981-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3981-1/"
            },
            {
              "name": "USN-3980-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3980-1/"
            },
            {
              "name": "USN-3980-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3980-2/"
            },
            {
              "name": "USN-3981-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3981-2/"
            },
            {
              "name": "RHSA-2019:1873",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1873"
            },
            {
              "name": "RHSA-2019:1891",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1891"
            },
            {
              "name": "RHSA-2019:2696",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2696"
            },
            {
              "name": "RHSA-2019:2730",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2730"
            },
            {
              "name": "RHSA-2019:3309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3309"
            },
            {
              "name": "RHSA-2019:3517",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3517"
            },
            {
              "name": "RHSA-2020:0204",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0204"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchwork.kernel.org/patch/10733769/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchwork.kernel.org/cover/10733767/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K21430012"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-16884",
        "datePublished": "2018-12-18T22:00:00.000Z",
        "dateReserved": "2018-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:32:54.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-16862 (GCVE-0-2018-16862)

    Vulnerability from cvelistv5 – Published: 2018-11-26 19:00 – Updated: 2024-08-05 10:32
    VLAI
    Summary
    A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/106009 vdb-entryx_refsource_BID
    https://usn.ubuntu.com/3879-2/ vendor-advisoryx_refsource_UBUNTU
    https://seclists.org/oss-sec/2018/q4/169 mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3879-1/ vendor-advisoryx_refsource_UBUNTU
    https://lore.kernel.org/patchwork/patch/1011367/ x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4094-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4118-1/ vendor-advisoryx_refsource_UBUNTU
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: n/a
    Create a notification for this product.
    Date Public
    2018-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:32:54.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106009",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106009"
              },
              {
                "name": "USN-3879-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3879-2/"
              },
              {
                "name": "[oss-security] 20181123 CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://seclists.org/oss-sec/2018/q4/169"
              },
              {
                "name": "USN-3879-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3879-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lore.kernel.org/patchwork/patch/1011367/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862"
              },
              {
                "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
              },
              {
                "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
              },
              {
                "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
              },
              {
                "name": "USN-4094-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4094-1/"
              },
              {
                "name": "USN-4118-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4118-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-02T23:06:12.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "106009",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106009"
            },
            {
              "name": "USN-3879-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3879-2/"
            },
            {
              "name": "[oss-security] 20181123 CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://seclists.org/oss-sec/2018/q4/169"
            },
            {
              "name": "USN-3879-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3879-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lore.kernel.org/patchwork/patch/1011367/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862"
            },
            {
              "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
            },
            {
              "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
            },
            {
              "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
            },
            {
              "name": "USN-4094-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4094-1/"
            },
            {
              "name": "USN-4118-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4118-1/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-16862",
        "datePublished": "2018-11-26T19:00:00.000Z",
        "dateReserved": "2018-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-05T10:32:54.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14646 (GCVE-0-2018-14646)

    Vulnerability from cvelistv5 – Published: 2018-11-26 19:00 – Updated: 2024-08-05 09:38
    VLAI
    Summary
    The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: 4.15-rc8
    Create a notification for this product.
    Date Public
    2018-11-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.102Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:3843",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3843"
              },
              {
                "name": "RHSA-2018:3666",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3666"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee"
              },
              {
                "name": "RHSA-2018:3651",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3651"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://marc.info/?l=linux-netdev\u0026m=151500466401174\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.15-rc8"
                }
              ]
            }
          ],
          "datePublic": "2018-11-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:3843",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3843"
            },
            {
              "name": "RHSA-2018:3666",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3666"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee"
            },
            {
              "name": "RHSA-2018:3651",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3651"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://marc.info/?l=linux-netdev\u0026m=151500466401174\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2018-14646",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kernel:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.15-rc8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "[UNKNOWN]"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:3843",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3843"
                },
                {
                  "name": "RHSA-2018:3666",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3666"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee"
                },
                {
                  "name": "RHSA-2018:3651",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3651"
                },
                {
                  "name": "https://marc.info/?l=linux-netdev\u0026m=151500466401174\u0026w=2",
                  "refsource": "CONFIRM",
                  "url": "https://marc.info/?l=linux-netdev\u0026m=151500466401174\u0026w=2"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-14646",
        "datePublished": "2018-11-26T19:00:00.000Z",
        "dateReserved": "2018-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:38:13.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7482 (GCVE-0-2017-7482)

    Vulnerability from cvelistv5 – Published: 2018-07-30 14:00 – Updated: 2024-08-05 16:04
    VLAI
    Summary
    In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
    CWE
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/99299 vdb-entryx_refsource_BID
    https://git.kernel.org/pub/scm/linux/kernel/git/t… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038787 vdb-entryx_refsource_SECTRACK
    https://www.debian.org/security/2017/dsa-3927 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2017/dsa-3945 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    http://seclists.org/oss-sec/2017/q2/602 mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2019:0641 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: 4.12
    Create a notification for this product.
    Date Public
    2017-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.726Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99299",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99299"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
              },
              {
                "name": "1038787",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038787"
              },
              {
                "name": "DSA-3927",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-3927"
              },
              {
                "name": "DSA-3945",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-3945"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
              },
              {
                "name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2017/q2/602"
              },
              {
                "name": "RHSA-2019:0641",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:0641"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.12"
                }
              ]
            }
          ],
          "datePublic": "2017-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-26T10:06:06.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "99299",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99299"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
            },
            {
              "name": "1038787",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038787"
            },
            {
              "name": "DSA-3927",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3927"
            },
            {
              "name": "DSA-3945",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3945"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
            },
            {
              "name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2017/q2/602"
            },
            {
              "name": "RHSA-2019:0641",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:0641"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-7482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kernel:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "[UNKNOWN]"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.1/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-190"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99299",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99299"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
                },
                {
                  "name": "1038787",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038787"
                },
                {
                  "name": "DSA-3927",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-3927"
                },
                {
                  "name": "DSA-3945",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-3945"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
                },
                {
                  "name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2017/q2/602"
                },
                {
                  "name": "RHSA-2019:0641",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:0641"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7482",
        "datePublished": "2018-07-30T14:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:04:11.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7518 (GCVE-0-2017-7518)

    Vulnerability from cvelistv5 – Published: 2018-07-30 13:00 – Updated: 2024-08-05 16:04
    VLAI
    Summary
    A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2018:0412 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/articles/3290921 x_refsource_CONFIRM
    https://usn.ubuntu.com/3619-2/ vendor-advisoryx_refsource_UBUNTU
    https://access.redhat.com/errata/RHSA-2018:0395 vendor-advisoryx_refsource_REDHAT
    https://usn.ubuntu.com/3754-1/ vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1038782 vdb-entryx_refsource_SECTRACK
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2017/06/23/5 mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/3619-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2017/dsa-3981 vendor-advisoryx_refsource_DEBIAN
    https://www.spinics.net/lists/kvm/msg151817.html mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/99263 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    [UNKNOWN] Kernel: Affected: 4.12
    Create a notification for this product.
    Date Public
    2017-06-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2018:0412",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0412"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/articles/3290921"
              },
              {
                "name": "USN-3619-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3619-2/"
              },
              {
                "name": "RHSA-2018:0395",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:0395"
              },
              {
                "name": "USN-3754-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3754-1/"
              },
              {
                "name": "1038782",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038782"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
              },
              {
                "name": "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2017/06/23/5"
              },
              {
                "name": "USN-3619-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3619-1/"
              },
              {
                "name": "DSA-3981",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2017/dsa-3981"
              },
              {
                "name": "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.spinics.net/lists/kvm/msg151817.html"
              },
              {
                "name": "99263",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.12"
                }
              ]
            }
          ],
          "datePublic": "2017-06-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-24T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2018:0412",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0412"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/articles/3290921"
            },
            {
              "name": "USN-3619-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "RHSA-2018:0395",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0395"
            },
            {
              "name": "USN-3754-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3754-1/"
            },
            {
              "name": "1038782",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038782"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
            },
            {
              "name": "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/06/23/5"
            },
            {
              "name": "USN-3619-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "DSA-3981",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2017/dsa-3981"
            },
            {
              "name": "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.spinics.net/lists/kvm/msg151817.html"
            },
            {
              "name": "99263",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99263"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2017-7518",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kernel:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "[UNKNOWN]"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                    "version": "3.0"
                  }
                ],
                [
                  {
                    "vectorString": "5.4/AV:A/AC:M/Au:N/C:P/I:P/A:P",
                    "version": "2.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-250"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2018:0412",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0412"
                },
                {
                  "name": "https://access.redhat.com/articles/3290921",
                  "refsource": "CONFIRM",
                  "url": "https://access.redhat.com/articles/3290921"
                },
                {
                  "name": "USN-3619-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3619-2/"
                },
                {
                  "name": "RHSA-2018:0395",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:0395"
                },
                {
                  "name": "USN-3754-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3754-1/"
                },
                {
                  "name": "1038782",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038782"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518"
                },
                {
                  "name": "[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2017/06/23/5"
                },
                {
                  "name": "USN-3619-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3619-1/"
                },
                {
                  "name": "DSA-3981",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2017/dsa-3981"
                },
                {
                  "name": "[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall",
                  "refsource": "MLIST",
                  "url": "https://www.spinics.net/lists/kvm/msg151817.html"
                },
                {
                  "name": "99263",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99263"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7518",
        "datePublished": "2018-07-30T13:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:04:11.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10901 (GCVE-0-2018-10901)

    Vulnerability from cvelistv5 – Published: 2018-07-26 17:00 – Updated: 2024-08-05 07:54
    VLAI
    Summary
    A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    [UNKNOWN] kernel: Affected: n/a
    Create a notification for this product.
    Date Public
    2010-08-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:54:35.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104905",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104905"
              },
              {
                "name": "RHSA-2018:2393",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2393"
              },
              {
                "name": "RHSA-2018:2390",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2390"
              },
              {
                "name": "RHSA-2018:2391",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2391"
              },
              {
                "name": "RHSA-2018:2392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2392"
              },
              {
                "name": "RHSA-2018:2394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2394"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel:",
              "vendor": "[UNKNOWN]",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Linux kernel\u0027s KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host\u0027s userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-15T02:22:56.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "104905",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104905"
            },
            {
              "name": "RHSA-2018:2393",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2393"
            },
            {
              "name": "RHSA-2018:2390",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2390"
            },
            {
              "name": "RHSA-2018:2391",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2391"
            },
            {
              "name": "RHSA-2018:2392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2392"
            },
            {
              "name": "RHSA-2018:2394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2394"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2018-10901",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kernel:",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "[UNKNOWN]"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A flaw was found in Linux kernel\u0027s KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host\u0027s userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-665"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104905",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104905"
                },
                {
                  "name": "RHSA-2018:2393",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2393"
                },
                {
                  "name": "RHSA-2018:2390",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2390"
                },
                {
                  "name": "RHSA-2018:2391",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2391"
                },
                {
                  "name": "RHSA-2018:2392",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2392"
                },
                {
                  "name": "RHSA-2018:2394",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2394"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
                },
                {
                  "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
                  "refsource": "CONFIRM",
                  "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
                },
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36",
                  "refsource": "CONFIRM",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2018-10901",
        "datePublished": "2018-07-26T17:00:00.000Z",
        "dateReserved": "2018-05-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:54:35.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }