Out-of-bounds write in Linux kernel



| Updated: 2020-05-30
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-16880
CWE-ID CWE-787
Exploitation vector Local network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Out-of-bounds write

EUVDB-ID: #VU17253

Risk: Medium

CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2018-16880

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to perform a denial of service (DoS) attack or execute arbitrary code.

The vulnerability exists due to out-of-bounds write in a kmalloc-8 slab on a virtual host when handling_rx() function in the [vhost_net] driver. An adjacent attacker can trigger a kernel memory corruption and cause a system panic or execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 4.18 - 4.20.6

CPE2.3 External links

https://bugzilla.redhat.com/show_bug.cgi?id=1656472
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2b3b35eb9896f26c98b9a...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5a4941aa6d190e676065e...
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.7
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.20


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###