A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.
Find out more about CVE-2018-1126 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 4.8 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | Required |
Scope | Unchanged |
Confidentiality | Low |
Integrity Impact | Low |
Availability Impact | Low |
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux Server TUS (v. 6.6) (procps) | RHSA-2018:2268 | 2018-07-26 |
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts | RHSA-2018:1820 | 2018-06-11 |
Red Hat Enterprise Linux Advanced Update Support 6.6 (procps) | RHSA-2018:2268 | 2018-07-26 |
Red Hat Enterprise Linux 7 (procps-ng) | RHSA-2018:1700 | 2018-05-23 |
Red Hat Enterprise Linux Extended Update Support 6.7 (procps) | RHSA-2018:2267 | 2018-07-26 |
Red Hat Enterprise Linux 6 (procps) | RHSA-2018:1777 | 2018-05-31 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 5 | procps | Will not fix |