CVE-2018-1120

 

Published at: - 20-06-2018 03:29

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

 

Verification logic

 

Reference

• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120
• [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report-Exploit, Mailing List, Third Party Advisory
• 44806-Exploit, Third Party Advisory, VDB Entry
• 104229-Third Party Advisory, VDB Entry
• [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package-Mailing List, Third Party Advisory
• USN-3752-2-Third Party Advisory
• USN-3752-1-Third Party Advisory
• USN-3752-3-Third Party Advisory
• GLSA-201805-14-Third Party Advisory
• RHSA-2018:3096-Third Party Advisory
• RHSA-2018:3083-Third Party Advisory
• RHSA-2018:2948-Third Party Advisory
• USN-3910-2-
• USN-3910-1-

 

Keywords

NVD

 

CVE-2018-1120

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures