CVE-2018-5803

Current Description

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.

Basic Data

PublishedJune 12, 2018
Last ModifiedMarch 27, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score4.9
SeverityMEDIUM
Exploitability Score3.9
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 3 - Attack VectorLOCAL
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredLOW
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactNONE
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score5.5
CVSS 3 - Base SeverityMEDIUM
Exploitability Score1.8
Base SeverityMEDIUM

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********3.2.102
    2.3OSLinuxLinux Kernel********3.34.1.51
    2.3OSLinuxLinux Kernel********4.34.9.87
    2.3OSLinuxLinux Kernel********4.104.14.25
    2.3OSLinuxLinux Kernel********4.154.15.8
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux7.0*******
    2.3OSDebianDebian Linux8.0*******
    2.3OSDebianDebian Linux9.0*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatVirtualization Host4.0*******
    2.3OSRedhatEnterprise Linux Desktop7.0*******
    2.3OSRedhatEnterprise Linux Server7.0*******
    2.3OSRedhatEnterprise Linux Workstation7.0*******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 7.0, 8.0, 9.0
Redhat Enterprise Linux Workstation 7.0
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
Linux Linux Kernel *

References

NameSourceURLTags
RHSA-2018:1854https://access.redhat.com/errata/RHSA-2018:1854REDHATThird Party Advisory
RHSA-2018:2948https://access.redhat.com/errata/RHSA-2018:2948REDHATThird Party Advisory
RHSA-2018:3083https://access.redhat.com/errata/RHSA-2018:3083REDHATThird Party Advisory
RHSA-2018:3096https://access.redhat.com/errata/RHSA-2018:3096REDHATThird Party Advisory
RHSA-2019:0641https://access.redhat.com/errata/RHSA-2019:0641REDHATThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102CONFIRMVendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51CONFIRMVendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25CONFIRMVendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8CONFIRMVendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121CONFIRMVendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87CONFIRMVendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9chttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7CONFIRMVendor Advisory
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security updatehttps://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlMLISTThird Party Advisory
81331https://secuniaresearch.flexerasoftware.com/advisories/81331/SECUNIAThird Party Advisory
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/MISCThird Party Advisory
USN-3654-1https://usn.ubuntu.com/3654-1/UBUNTUThird Party Advisory
USN-3654-2https://usn.ubuntu.com/3654-2/UBUNTUThird Party Advisory
USN-3656-1https://usn.ubuntu.com/3656-1/UBUNTUThird Party Advisory
USN-3697-1https://usn.ubuntu.com/3697-1/UBUNTUThird Party Advisory
USN-3697-2https://usn.ubuntu.com/3697-2/UBUNTUThird Party Advisory
USN-3698-1https://usn.ubuntu.com/3698-1/UBUNTUThird Party Advisory
USN-3698-2https://usn.ubuntu.com/3698-2/UBUNTUThird Party Advisory
DSA-4187https://www.debian.org/security/2018/dsa-4187DEBIANThird Party Advisory
DSA-4188https://www.debian.org/security/2018/dsa-4188DEBIANThird Party Advisory
[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sendinghttps://www.spinics.net/lists/linux-sctp/msg07036.htmlMLISTMailing List Third Party Advisory
[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending informationhttps://www.spinics.net/lists/netdev/msg482523.htmlMLISTMailing List Third Party Advisory