SB2018061406 - Denial of service in Linux Kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018061406

SB2018061406 - Denial of service in Linux Kernel

Published: June 14, 2018 Updated: June 15, 2018

Security Bulletin ID SB2018061406
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Race condition (CVE-ID: CVE-2018-12232)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists in the net/socket.c source code file due to the fchownat() function does not increment the reference count of a socket file descriptor, which could trigger a race condition between the sock_close() and sockfs_setattr() functions. A local attacker can submit specially crafted input, trigger a NULL pointer dereference condition and cause the system to crash..


2) Race condition (CVE-ID: CVE-2018-5814)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to race condition when processing malicious input. A remote attacker can send multiple specially crafted USB over IP packets, trigger a use-after-free memory error or a null pointer dereference and cause the system to crash.


Remediation

Install update from vendor's website.

References