Vulnerability Details : CVE-2018-11232
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2018-11232
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 19 %
CVSS scores for CVE-2018-11232
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST |
CWE ids for CVE-2018-11232
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-11232
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.2
  Vendor Advisory
- https://github.com/torvalds/linux/commit/f09444639099584bc4784dfcd85ada67c6f33e0f
  coresight: fix kernel panic caused by invalid CPU · torvalds/linux@f094446 · GitHub (Patch; Third Party Advisory)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f09444639099584bc4784dfcd85ada67c6f33e0f
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Vendor Advisory)
Products affected by CVE-2018-11232
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*