Lucene search

[email protected]CVE-2018-20855

HistoryJul 26, 2019 - 5:15 a.m.

CVE-2018-20855

2019-07-2605:15:00

CWE-119

[email protected]

web.nvd.nist.gov

386

cve-2018-20855

linux kernel

kernel vulnerability

stack memory leak

driver

infiniband

mlx5

nvd

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

16.2%

JSON

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt4.18.7
opensuse:leapopensuse leapeq15.0
opensuse:leapopensuse leapeq15.1
netapp:element_softwarenetapp element softwareeq-
netapp:active_iq_performance_analytics_servicesnetapp active iq performance analytics serviceseq-
netapp:active_iq_unified_managernetapp active iq unified managereq*
netapp:data_availability_servicesnetapp data availability serviceseq-

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	4.18.7
opensuse:leap	opensuse leap	eq	15.0
opensuse:leap	opensuse leap	eq	15.1
netapp:element_software	netapp element software	eq	-
netapp:active_iq_performance_analytics_services	netapp active iq performance analytics services	eq	-
netapp:active_iq_unified_manager	netapp active iq unified manager	eq	*
netapp:data_availability_services	netapp data availability services	eq	-