Lucene search

[email protected]CVE-2018-5873

HistoryJul 06, 2018 - 7:29 p.m.

CVE-2018-5873

2018-07-0619:29:01

CWE-416

CWE-362

[email protected]

web.nvd.nist.gov

cve-2018-5873

ns_get_path

fs/nsfs.c

linux kernel

security vulnerability

use after free

race condition

android

caf

security patch

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05.

Affected configurations

NVD

Node

googleandroidMatch-

Node

linuxlinux_kernelRange3.19–4.1.50

linuxlinux_kernelRange4.2–4.4.116

linuxlinux_kernelRange4.5–4.9.82

linuxlinux_kernelRange4.10–4.11

CPENameOperatorVersion
google:androidgoogle androideq-

CPE	Name	Operator	Version
google:android	google android	eq	-

CNA Affected

[
  {
    "product": "Android for MSM, Firefox OS for MSM, QRD Android",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "All Android releases from CAF using the Linux kernel"
      }
    ]
  }
]