CVE-2018-1120

Current Description

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

Basic Data

PublishedJune 20, 2018
Last ModifiedOctober 09, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:S/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score3.5
SeverityLOW
Exploitability Score6.8
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 3 - Attack VectorNETWORK
CVSS 3 - Attack ComplexityHIGH
CVSS 3 - Privileges RequiredLOW
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactNONE
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score5.3
CVSS 3 - Base SeverityMEDIUM
Exploitability Score1.6
Base SeverityMEDIUM

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********4.17
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatVirtualization Host4.0*******
    2.3OSRedhatEnterprise Linux Desktop7.0*******
    2.3OSRedhatEnterprise Linux Server7.0*******
    2.3OSRedhatEnterprise Linux Workstation7.0*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux8.0*******
  • OR - Configuration 4
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Linux16.04***lts***
    2.3OSCanonicalUbuntu Linux18.04***lts***

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 8.0
Redhat Enterprise Linux Workstation 7.0
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
Canonical Ubuntu Linux 16.04, 18.04
Linux Linux Kernel *

References

NameSourceURLTags
[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Reporthttp://seclists.org/oss-sec/2018/q2/122MLISTExploit Mailing List Third Party Advisory
104229http://www.securityfocus.com/bid/104229BIDThird Party Advisory VDB Entry
RHSA-2018:2948https://access.redhat.com/errata/RHSA-2018:2948REDHATThird Party Advisory
RHSA-2018:3083https://access.redhat.com/errata/RHSA-2018:3083REDHATThird Party Advisory
RHSA-2018:3096https://access.redhat.com/errata/RHSA-2018:3096REDHATThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120CONFIRMIssue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685CONFIRMPatch Third Party Advisory
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new packagehttps://lists.debian.org/debian-lts-announce/2018/07/msg00020.htmlMLISTMailing List Third Party Advisory
GLSA-201805-14https://security.gentoo.org/glsa/201805-14GENTOOThird Party Advisory
USN-3752-1https://usn.ubuntu.com/3752-1/UBUNTUThird Party Advisory
USN-3752-2https://usn.ubuntu.com/3752-2/UBUNTUThird Party Advisory
USN-3752-3https://usn.ubuntu.com/3752-3/UBUNTUThird Party Advisory
USN-3910-1https://usn.ubuntu.com/3910-1/UBUNTU
USN-3910-2https://usn.ubuntu.com/3910-2/UBUNTU
44806https://www.exploit-db.com/exploits/44806/EXPLOIT-DBExploit Third Party Advisory VDB Entry