CVE-2018-9568 : In sk_clone_lock of sock.c, there is a possible memory corruption due to type co

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.

Published 2018-12-06 14:29:02

Updated 2023-02-24 18:43:19

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2018-9568

Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 3.10.108
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.2 and before (<) 4.4.94
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.11 and before (<) 3.16.58
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.13.6
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.55
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.19 and before (<) 4.1.46
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.17 and before (<) 3.18.77
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Google » Android » Version: N/A
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions

Threat overview for CVE-2018-9568

Top countries where our scanners detected CVE-2018-9568

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2018-9568 41,398

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-9568!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-9568

EPSS FAQ

0.38%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 57 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-9568

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-9568

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-9568

https://access.redhat.com/errata/RHSA-2019:2736

RHSA-2019:2736 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://source.android.com/security/bulletin/2018-12-01

Android Security Bulletin—December 2018 | Android Open Source Project
Patch;Vendor Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:0512

RHSA-2019:0512 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3880-1/

USN-3880-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:3967

RHSA-2019:3967 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:0514

RHSA-2019:0514 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:2696

RHSA-2019:2696 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:4056

RHSA-2019:4056 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3880-2/

USN-3880-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:2730

RHSA-2019:2730 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:4255

RHSA-2019:4255 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:4159

RHSA-2019:4159 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:4164

RHSA-2019:4164 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url