CVE-2018-5332 : In the Linux kernel through 3.2, the rds_message_alloc

In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

Published 2018-01-11 07:29:00

Updated 2023-02-24 18:43:39

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2018-5332

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.77
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.17 and before (<) 3.18.92
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 3.2.99
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.2 and before (<) 4.4.112
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.14.44
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.3 and before (<) 3.16.54
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.19 and before (<) 4.1.50
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-5332

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-5332

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-5332

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-5332

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=60daca9efbb3e4109ebc1f7069543e5573fc124e

kernel/git/tip/tip.git - Unnamed repository; edit this file 'description' to name the repository.
Mailing List;Patch;Vendor Advisory
https://usn.ubuntu.com/3617-2/

USN-3617-2: Linux (HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/102507

Linux Kernel 'net/rds/rdma.c' Local Denial of Service Vulnerability
Broken Link;Third Party Advisory;VDB Entry
https://usn.ubuntu.com/3632-1/

USN-3632-1: Linux kernel (Azure) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3617-1/

USN-3617-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch;Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0470

RHSA-2018:0470 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3620-2/

USN-3620-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3620-1/

USN-3620-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3619-1/

USN-3619-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3619-2/

USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3617-3/

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c

RDS: Heap OOB write in rds_message_alloc_sgs() · torvalds/linux@c095508 · GitHub
Patch;Vendor Advisory
https://www.debian.org/security/2018/dsa-4187

Debian -- Security Information -- DSA-4187-1 linux
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html

[SECURITY] [DLA 1369-1] linux security update
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-5332

Products affected by CVE-2018-5332

Exploit prediction scoring system (EPSS) score for CVE-2018-5332

CVSS scores for CVE-2018-5332

CWE ids for CVE-2018-5332

References for CVE-2018-5332