Vulnerability Details : CVE-2018-14734
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2018-14734
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14734
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-14734
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:C |
3.9
|
8.5
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-14734
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-14734
-
https://www.debian.org/security/2018/dsa-4308
Debian -- Security Information -- DSA-4308-1 linuxThird Party Advisory
-
https://usn.ubuntu.com/3847-2/
USN-3847-2: Linux kernel (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3847-3/
USN-3847-3: Linux kernel (Azure) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
[SECURITY] [DLA 1531-1] linux-4.9 security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/3849-1/
USN-3849-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Vendor Advisory
-
https://usn.ubuntu.com/3797-1/
USN-3797-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3847-1/
USN-3847-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2029
RHSA-2019:2029 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2019:0831
RHSA-2019:0831 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2019:2043
RHSA-2019:2043 - Security Advisory - Red Hat Customer Portal
-
https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8
infiniband: fix a possible use-after-free bug · torvalds/linux@cb2595c · GitHubPatch;Third Party Advisory
-
https://usn.ubuntu.com/3797-2/
USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3849-2/
USN-3849-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to