First published: Fri Jul 26 2019(Updated: )
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <4.18.7 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Netapp Active Iq Performance Analytics Services | ||
Netapp Active Iq Unified Manager Vmware Vsphere | >=9.5 | |
Netapp Data Availability Services | ||
Netapp Element Software |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-20855 is a vulnerability in the Linux kernel before version 4.18.7 that could lead to a leak of stack memory to userspace.
CVE-2018-20855 affects Linux versions before 4.18.7, potentially exposing sensitive stack memory to userspace.
The severity of CVE-2018-20855 is low with a CVSS score of 3.3.
To fix CVE-2018-20855, update your Linux kernel to version 4.18.7 or later.
You can find more information about CVE-2018-20855 at the following references: [link1](http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html), [link2](http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html), [link3](https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7).