CVE-2018-5333 : In the Linux kernel through 4.14.13, the rds_cmsg

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

Published 2018-01-11 07:29:00

Updated 2020-01-22 19:15:11

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2018-5333

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions up to, including, (<=) 4.14.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 17.10
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-5333

EPSS FAQ

1.76%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2018-5333

Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation

Disclosure Date: 2018-11-01

First seen: 2020-04-26

exploit/linux/local/rds_atomic_free_op_null_pointer_deref_priv_esc

This module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the `rds_atomic_free_op` function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loade

More information

CVSS scores for CVE-2018-5333

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-5333

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-5333

https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737

RDS: null pointer dereference in rds_atomic_free_op · torvalds/linux@7d11f77 · GitHub
Patch;Vendor Advisory
https://usn.ubuntu.com/3617-2/

USN-3617-2: Linux (HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/102510

Linux Kernel 'net/rds/rdma.c' Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html

Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation ≈ Packet Storm

CVEs referencing this url
https://usn.ubuntu.com/3583-1/

USN-3583-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737

kernel/git/torvalds/linux.git - Linux kernel source tree
Issue Tracking;Patch;Vendor Advisory
https://usn.ubuntu.com/3632-1/

USN-3632-1: Linux kernel (Azure) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3617-1/

USN-3617-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2018:0470

RHSA-2018:0470 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3619-1/

USN-3619-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3619-2/

USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3617-3/

USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2018/dsa-4187

Debian -- Security Information -- DSA-4187-1 linux
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html

[SECURITY] [DLA 1369-1] linux security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3583-2/

USN-3583-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url

Jump to