#VU17253 Out-of-bounds write in Linux kernel - CVE-2018-16880

Cybersecurity Help s.r.o.

Published: 2019-01-29 | Updated: 2020-05-30

Vulnerability identifier: #VU17253

Vulnerability risk: Medium

CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2018-16880

CWE-ID: CWE-787

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows an adjacent attacker to perform a denial of service (DoS) attack or execute arbitrary code.

The vulnerability exists due to out-of-bounds write in a kmalloc-8 slab on a virtual host when handling_rx() function in the [vhost_net] driver. An adjacent attacker can trigger a kernel memory corruption and cause a system panic or execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 4.18 - 4.19.19, 4.20 rc5 - 4.20.6

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1656472
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2b3b35eb9896f26c98b9a...
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f5a4941aa6d190e676065e...
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.7
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.20

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Out-of-bounds write in Linux kernel

Fedora 28 update for kernel, kernel-headers, kernel-tools

Fedora 29 update for kernel, kernel-headers, kernel-tools