Lucene search

K

[email protected]CVE-2018-1000004

HistoryJan 16, 2018 - 8:29 p.m.

CVE-2018-1000004

2018-01-1620:29:00

CWE-362

[email protected]

web.nvd.nist.gov

155

12

linux

kernel

race condition

vulnerability

deadlock

denial of service

sound system

cve-2018-1000004

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.008 Low

EPSS

Percentile

81.6%

In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq3.10
linux:linux_kernellinux linux kerneleq4.12
linux:linux_kernellinux linux kernelle2.6.0

References

seclists.org/oss-sec/2018/q1/51

www.securityfocus.com/bid/104606

access.redhat.com/errata/RHSA-2018:0654

access.redhat.com/errata/RHSA-2018:0676

access.redhat.com/errata/RHSA-2018:1062

access.redhat.com/errata/RHSA-2018:2390

access.redhat.com/errata/RHSA-2019:1483

help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

lists.debian.org/debian-lts-announce/2018/05/msg00000.html

usn.ubuntu.com/3631-1/

usn.ubuntu.com/3631-2/

usn.ubuntu.com/3798-1/

usn.ubuntu.com/3798-2/

www.debian.org/security/2018/dsa-4187

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Social References

More

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.008 Low

EPSS

Percentile

81.6%

Related for CVE-2018-1000004

prion1 f52 veracode1 altlinux1 debiancve1 redhatcve1 ubuntucve1 slackware1 nessus70 openvas22 fedora16 mageia3 oraclelinux5 suse48 photon2 redhat6 cloudfoundry1 ubuntu4 virtuozzo2 ibm4 centos2 osv2 debian3