CVE-2018-10675
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
02/05/2018
Last modified:
24/02/2023
Description
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.2.95 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.3 (including) | 3.16.50 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.17 (including) | 3.18.67 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.19 (including) | 4.1.45 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.2 (including) | 4.4.84 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.5 (including) | 4.9.45 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 4.12.9 (excluding) |
| cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99
- http://www.securityfocus.com/bid/104093
- https://access.redhat.com/errata/RHSA-2018:2164
- https://access.redhat.com/errata/RHSA-2018:2384
- https://access.redhat.com/errata/RHSA-2018:2395
- https://access.redhat.com/errata/RHSA-2018:2785
- https://access.redhat.com/errata/RHSA-2018:2791
- https://access.redhat.com/errata/RHSA-2018:2924
- https://access.redhat.com/errata/RHSA-2018:2925
- https://access.redhat.com/errata/RHSA-2018:2933
- https://access.redhat.com/errata/RHSA-2018:3540
- https://access.redhat.com/errata/RHSA-2018:3586
- https://access.redhat.com/errata/RHSA-2018:3590
- https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://usn.ubuntu.com/3754-1/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9
- https://www.oracle.com/security-alerts/cpujul2020.html