CVE-2018-16885 (Medium) detected in linuxv3.10

[mend-bolt-for-github]

CVE-2018-16885 - Medium Severity Vulnerability

Vulnerable Library - linuxv3.10

Linux kernel source tree

Library home page: https://github.com/torvalds/linux.git

Found in HEAD commit: ac11c9631a8abeed315b67913aab3ba7a400aef3

Found in base branch: cosmic-experimental-1.6

Vulnerable Source Files (3)

android_kernel_samsung_a3xelte/include/net/udplite.h
android_kernel_samsung_a3xelte/include/net/udplite.h
android_kernel_samsung_a3xelte/include/net/udplite.h

Vulnerability Details

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.

Publish Date: 2019-01-03

URL: CVE-2018-16885

CVSS 3 Score Details (5.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.securityfocus.com/bid/106296

Release Date: 2019-01-03

Fix Resolution: v4.0-rc1

---

Step up your Open Source Security Game with WhiteSource here