Main
Vulnerability Database
Exploits
ID:6364 - Exploit for Improper input validation in Linux kernel - CVE-2018-1120
ID:6364 - Exploit for Improper input validation in Linux kernel - CVE-2018-1120
Published: June 17, 2021
Vulnerability identifier: #VU12853
Vulnerability risk: Low
CVE-ID: CVE-2018-1120
CWE-ID: CWE-20
Exploitation vector: Local access
Vulnerable software:
Linux kernel
Linux kernel
Link to public exploit:
Vulnerability description
The vulnerability allows a local user to cause DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input. A local user can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE file (Filesystem in Userspace) onto this process's command-line arguments, block pgrep, pidof, pkill, ps, and w, either forever (a denial of service), or for some controlled time (a synchronization tool for exploiting other vulnerabilities).
The weakness exists due to insufficient validation of user-supplied input. A local user can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE file (Filesystem in Userspace) onto this process's command-line arguments, block pgrep, pidof, pkill, ps, and w, either forever (a denial of service), or for some controlled time (a synchronization tool for exploiting other vulnerabilities).
Remediation
Update to version 4.11.