Vulnerability Details : CVE-2018-1120
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2018-1120
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1120
- 0.10%: Probability of exploitation activity in the next 30 days
- ~ 40 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1120
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P | 6.8 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.6 | 3.6 | NIST | |
2.8 | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L | 1.3 | 1.4 | Red Hat, Inc. | |
CWE ids for CVE-2018-1120
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
- A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Assigned by: secalert@redhat.com (Secondary)
References for CVE-2018-1120
- https://www.exploit-db.com/exploits/44806/
  Procps-ng - Multiple Vulnerabilities (Exploit; Third Party Advisory; VDB Entry)
- http://seclists.org/oss-sec/2018/q2/122
  oss-sec: Qualys Security Advisory - Procps-ng Audit Report (Exploit; Mailing List; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120
  1575472 – (CVE-2018-1120) CVE-2018-1120 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (Issue Tracking; Patch; Third Party Advisory)
- https://usn.ubuntu.com/3752-2/
  USN-3752-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:3096
  RHSA-2018:3096 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2948
  RHSA-2018:2948 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://usn.ubuntu.com/3752-1/
  USN-3752-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:3083
  RHSA-2018:3083 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Third Party Advisory)
- https://usn.ubuntu.com/3752-3/
  USN-3752-3: Linux kernel (Azure, GCP, OEM) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://security.gentoo.org/glsa/201805-14
  procps: Multiple vulnerabilities (GLSA 201805-14) — Gentoo security (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
  [SECURITY] [DLA 1423-1] linux-4.9 new package (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/3910-1/
  USN-3910-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://usn.ubuntu.com/3910-2/
  USN-3910-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
- http://www.securityfocus.com/bid/104229
  Linux Kernel CVE-2018-1120 Local Denial of Service Vulnerability (Third Party Advisory; VDB Entry)