Published: 12/06/2018 Updated: 20/05/2019

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
debian debian linux 8.0
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04

Several security issues were fixed in the Linux kernel ...

CWE-362 https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/https://secuniaresearch.flexerasoftware.com/advisories/81540/https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43 http://www.securitytracker.com/id/1041050 https://usn.ubuntu.com/3696-2/https://usn.ubuntu.com/3696-1/https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu.com/3752-2/https://usn.ubuntu.com/3752-1/https://usn.ubuntu.com/3752-3/http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html https://nvd.nist.gov https://usn.ubuntu.com/3696-1/

CVE-2018-5814

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect