A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.
Find out more about CVE-2018-1126 from the MITRE CVE dictionary dictionary and NIST NVD.
| CVSS3 Base Score | 4.8 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux Server TUS (v. 6.6) (procps) | RHSA-2018:2268 | 2018-07-26 |
| Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts | RHSA-2018:1820 | 2018-06-11 |
| Red Hat Enterprise Linux Advanced Update Support 6.6 (procps) | RHSA-2018:2268 | 2018-07-26 |
| Red Hat Enterprise Linux 7 (procps-ng) | RHSA-2018:1700 | 2018-05-23 |
| Red Hat Enterprise Linux Extended Update Support 6.7 (procps) | RHSA-2018:2267 | 2018-07-26 |
| Red Hat Enterprise Linux 6 (procps) | RHSA-2018:1777 | 2018-05-31 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | procps | Will not fix |
Vulmon