Vulnerability Details : CVE-2018-13406
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
Vulnerability category: Overflow
Products affected by CVE-2018-13406
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-13406
0.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 3 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-13406
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-13406
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-13406
-
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
[SECURITY] [DLA 1715-1] linux-4.9 security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/3754-1/
USN-3754-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713
video: uvesafb: Fix integer overflow in allocation · torvalds/linux@9f645bc · GitHubPatch
-
https://usn.ubuntu.com/3752-2/
USN-3752-2: Linux kernel (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3752-1/
USN-3752-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4
Release Notes
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713
kernel/git/torvalds/linux.git - Linux kernel source treePatch
-
https://usn.ubuntu.com/3753-2/
USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3752-3/
USN-3752-3: Linux kernel (Azure, GCP, OEM) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3753-1/
USN-3753-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.securitytracker.com/id/1041355
Linux Kernel Integer Overflow in uvesafb_setcmap() Lets Local Users Cause Denial of Service Conditions on the Target System - SecurityTrackerVDB Entry;Third Party Advisory
-
http://www.securityfocus.com/bid/104685
Linux Kernel 'drivers/video/fbdev/uvesafb.c' Local Integer Overflow VulnerabilityThird Party Advisory;VDB Entry
Jump to