Vulnerability Details : CVE-2018-20836
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
Vulnerability category: Memory Corruption
Products affected by CVE-2018-20836
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-20836
- 0.84%: Probability of exploitation activity in the next 30 days
- ~82%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-20836
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
CWE ids for CVE-2018-20836
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by: nvd@nist.gov (Primary)
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-20836
- https://www.debian.org/security/2019/dsa-4495
  Debian -- Security Information -- DSA-4495-1 linux (Third Party Advisory)
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
  [SECURITY] [DLA 1884-1] linux security update (Mailing List; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20190719-0003/
  May 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae
  scsi: libsas: fix a race condition when smp task timeout · torvalds/linux@b90cd6f · GitHub (Patch; Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
  [security-announce] openSUSE-SU-2019:1757-1: important: Security update (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
  [security-announce] openSUSE-SU-2019:1716-1: important: Security update (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2019/dsa-4497
  Debian -- Security Information -- DSA-4497-1 linux (Third Party Advisory)
- https://usn.ubuntu.com/4076-1/
  USN-4076-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://support.f5.com/csp/article/K11225249
  (Third Party Advisory)
- https://seclists.org/bugtraq/2019/Aug/13
  Bugtraq: [SECURITY] [DSA 4495-1] linux security update (Mailing List; Third Party Advisory)
- http://www.securityfocus.com/bid/108196
  Linux Kernel CVE-2018-20836 Race Condition Vulnerability (Third Party Advisory; VDB Entry)
- https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
  [SECURITY] [DLA 1885-1] linux-4.9 security update (Mailing List; Third Party Advisory)
- https://seclists.org/bugtraq/2019/Aug/18
  Bugtraq: [SECURITY] [DSA 4497-1] linux security update (Mailing List; Third Party Advisory)