BDU:2020-00620

BDU

Medium

Уязвимость компонента userfaultfd ядра операционной системы Linux существует из-за недостаточной проверки входных данных. Эксплуатация уязв…

CVSS

5.5

Medium

EPSS

0.00

Published

2020-01-01

Updated

2020-01-01

Description

Уязвимость компонента userfaultfd ядра операционной системы Linux существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю оказать воздействие на целостность защищаемой информации

Affected products

Novell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise build system kitNovell inc. Suse linux enterprise high availabilityNovell inc. Suse linux enterprise high availabilityNovell inc. Suse linux enterprise high availabilityNovell inc. Suse linux enterprise high availabilityNovell inc. Suse linux enterprise high availabilityNovell inc. Suse linux enterprise high availability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Timeline

2020-01-01

Published

2020-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: H

High (H)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Linux

Linux Kernel

Novell

Suse Linux Enterprise High Performance Computing Suse Linux Enterprise Module For Basesystem Suse Linux Enterprise Workstation Extension Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Module For Development Tools Suse Linux Enterprise Live Patching Suse Linux Enterprise Module For Public Cloud Suse Linux Enterprise Module For Legacy Software Suse Linux Enterprise High Availability Suse Linux Enterprise Module For Live Patching+1

Product	Vendor	Status
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise build system kit	novell inc.	Tracked
suse linux enterprise high availability	novell inc.	Tracked
suse linux enterprise high availability	novell inc.	Tracked
suse linux enterprise high availability	novell inc.	Tracked
suse linux enterprise high availability	novell inc.	Tracked
suse linux enterprise high availability	novell inc.	Tracked
suse linux enterprise high availability	novell inc.	Tracked

Showing first 20 of 322

Source databases

BDU

Related vulnerabilities

CVE-2018-18397

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18397@http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1@https://access.redhat.com/errata/RHBA-2019:0327@https://access.redhat.com/errata/RHSA-2019:0163@https://access.redhat.com/errata/RHSA-2019:0202@https://access.redhat.com/errata/RHSA-2019:0324@https://access.redhat.com/errata/RHSA-2019:0831@https://access.redhat.com/security/cve/CVE-2018-18397@https://bugs.chromium.org/p/project-zero/issues/detail?id=1700@https://bugzilla.redhat.com/show_bug.cgi?id=1641548@https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87@https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7@https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18397@https://exploit.kitploit.com/2018/12/linux-userfaultfd-tmpfs-file-permission.html@https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1@https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1@https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87@https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.8@https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u@https://lore.kernel.org/lkml/20181126173452.26955-2-aarcange@redhat.com/@https://ubuntu.com/security/notices/USN-3901-1@https://ubuntu.com/security/notices/USN-3901-2@https://ubuntu.com/security/notices/USN-3903-1@https://ubuntu.com/security/notices/USN-3903-2@https://usn.ubuntu.com/3901-1/@https://usn.ubuntu.com/3901-2/@https://usn.ubuntu.com/3903-1/@https://usn.ubuntu.com/3903-2/@https://usn.ubuntu.com/usn/usn-3901-1@https://usn.ubuntu.com/usn/usn-3901-2@https://usn.ubuntu.com/usn/usn-3903-1@https://usn.ubuntu.com/usn/usn-3903-2@https://www.cve.org/CVERecord?id=CVE-2018-18397@https://www.openwall.com/lists/oss-security/2018/12/12/1@https://www.suse.com/security/cve/CVE-2018-18397/