CVE-2018-18559: Race Condition
First published: Mon Oct 22 2018(Updated: )
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=3.2.95<3.2.100 | |
| Linux Linux kernel | >=3.14.58<3.15 | |
| Linux Linux kernel | >=3.18.25<3.18.88 | |
| Linux Linux kernel | >=4.1.14<4.1.49 | |
| Linux Linux kernel | >=4.2.7<4.3 | |
| Linux Linux kernel | >=4.3.1<4.4.106 | |
| Linux Linux kernel | >=4.5<4.9.70 | |
| Linux Linux kernel | >=4.10<4.14.7 | |
| Redhat Openshift Container Platform | =3.11 | |
| Redhat Virtualization Host | =4.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Server Tus | =7.6 | |
| Redhat Enterprise Linux Workstation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:0163
- https://access.redhat.com/errata/RHSA-2019:0188
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2019:4159
- https://access.redhat.com/errata/RHSA-2020:0174
- https://blogs.securiteam.com/index.php/archives/3731
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15fe076edea787807a7cdc168df832544b58eba6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1641879
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1641878#c3
- https://bugzilla.redhat.com/show_bug.cgi?id=1641878
Frequently Asked Questions
What is CVE-2018-18559?
CVE-2018-18559 is a vulnerability in the Linux kernel that can lead to a use-after-free due to a race condition.
What is the severity of CVE-2018-18559?
The severity of CVE-2018-18559 is high with a CVSS score of 8.1.
How does CVE-2018-18559 affect Linux?
CVE-2018-18559 affects various versions of the Linux kernel.
What is the fix for CVE-2018-18559?
The fix for CVE-2018-18559 can be found in the Linux kernel's commit 15fe076edea787807a7cdc168df832544b58eba6.
Are there any references available for CVE-2018-18559?
Yes, you can find references for CVE-2018-18559 in the SecuriTeam blog, the Linux kernel's commit, and the Red Hat bugzilla.
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-18559
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/remedy
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.2.95
- version/linux linux kernel/3.14.58
- version/linux linux kernel/3.18.25
- version/linux linux kernel/4.1.14
- version/linux linux kernel/4.2.7
- version/linux linux kernel/4.3.1
- version/linux linux kernel/4.5
- version/linux linux kernel/4.10
- vendor/redhat
- canonical/redhat openshift container platform
- version/redhat openshift container platform/3.11
- canonical/redhat virtualization host
- version/redhat virtualization host/4.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0