QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-1120

Back to search

CVE-2018-1120

Published: Jun 20, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

2.8

LOW

Description

A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

VendorProductVersions

[UNKNOWN]

kernel

affected
kernel 4.17

Weaknesses (CWE)

CWE-122

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

USN-3752-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2018:3083
vendor-advisory
x_refsource_REDHAT
104229
vdb-entry
x_refsource_BID
USN-3752-3
vendor-advisory
x_refsource_UBUNTU
GLSA-201805-14
vendor-advisory
x_refsource_GENTOO
44806
exploit
x_refsource_EXPLOIT-DB
USN-3910-1
vendor-advisory
x_refsource_UBUNTU
USN-3910-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2018:2948
vendor-advisory
x_refsource_REDHAT
USN-3752-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2018:3096
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now