Vulnerability Details : CVE-2018-10124
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2018-10124
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-10124
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-10124
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2018-10124
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-10124
-
https://usn.ubuntu.com/3754-1/
USN-3754-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea77014af0d6205b05503d1c7aac6eace11d473
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Vendor Advisory
-
https://usn.ubuntu.com/3696-2/
USN-3696-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://github.com/torvalds/linux/commit/4ea77014af0d6205b05503d1c7aac6eace11d473
kernel/signal.c: avoid undefined behaviour in kill_something_info · torvalds/linux@4ea7701 · GitHubPatch;Third Party Advisory
-
https://news.ycombinator.com/item?id=2972021
The problem with -2147483648 in C. | Hacker NewsExploit;Third Party Advisory
-
http://www.securitytracker.com/id/1040684
Linux Kernel Integer Negation Error Lets Local Users Cause Denial of Service Conditions - SecurityTrackerThird Party Advisory;VDB Entry
-
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
[SECURITY] [DLA 1423-1] linux-4.9 new packageMailing List;Third Party Advisory
-
https://usn.ubuntu.com/3696-1/
USN-3696-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to