Buffer overflow in Linux kernel - CVE-2018-9363

 

Published: August 17, 2018 / Updated: May 30, 2020


Vulnerability identifier: #VU14453
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-9363
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows an attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error within the hidp_process_report function when processing Bluetooth packets. An attacker with physical proximity to the system can send specially crafted traffic, trigger memory corruption and perform a denial of service attack or execute arbitrary code.


How to mitigate CVE-2018-9363

Install updates from the vendor's website.
