By mmap()ing a FUSE-backed file onto a process’s memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

References

seclists.org/oss-sec/2018/q2/122

bugzilla.redhat.com/show_bug.cgi?id=1575472

osv 2

veracode 1

virtuozzo 4

prion 1

openvas 66

nessus 39

f5 1

redhat 5

debiancve 1

ubuntucve 1

cve 1

amazon 2

mageia 3

gentoo 1

fedora 49

ubuntu 5

cloudfoundry 2

zdt 1

photon 3

exploitpack 1

packetstorm 1

suse 2

exploitdb 1

oraclelinux 2

ibm 1

debian 1

centos 1

slackware 1

osv

CVE-2018-1120

2018-06-20 13:29:00

linux-4.9 - security update

2018-07-14 00:00:00

veracode

Denial Of Service (DoS)

2019-05-16 03:18:36

virtuozzo

Kernel security update: Virtuozzo ReadyKernel patch 54.0 for Virtuozzo 7.0.7 HF2 and 7.0.7 HF3

2018-07-13 00:00:00

Kernel security update: Virtuozzo ReadyKernel patch 54.0 for Virtuozzo 7.0.4 to 7.0.7 (excl. hotfixes)

2018-07-13 00:00:00

Important kernel security update: CVE-2018-3639 (x86 AMD) and other issues; new kernel 2.6.32-042stab132.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

2018-07-16 00:00:00

prion

Design/Logic Flaw

2018-06-20 13:29:00

openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1510)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1280)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1406)

2020-01-23 00:00:00

nessus

Virtuozzo 7 : readykernel-patch (VZA-2018-045)

2018-07-16 00:00:00

Fedora 28 : kernel (2018-8ce90c8b24)

2019-01-03 00:00:00

Virtuozzo 7 : readykernel-patch (VZA-2018-046)

2018-07-16 00:00:00

K42202505 : Linux kernel vulnerability CVE-2018-1120

2020-12-09 00:00:00

redhat

(RHSA-2020:3810) Moderate: kernel-rt security and bug fix update

2020-09-22 14:41:35

(RHSA-2020:3804) Moderate: kernel security and bug fix update

2020-09-22 11:00:02

(RHSA-2018:3083) Important: kernel security, bug fix, and enhancement update

2018-10-30 04:16:59

debiancve

CVE-2018-1120

2018-06-20 13:29:00

ubuntucve

CVE-2018-1120

2018-05-17 00:00:00

cve

CVE-2018-1120

2018-06-20 13:29:00

amazon

Important: kernel

2018-06-08 18:33:00

Important: kernel

2018-06-08 18:08:00

mageia

Updated kernel packages fix security vulnerabilities

2018-05-31 23:34:08

Updated kernel-linus packages fix security vulnerabilities

2018-05-31 23:34:08

Updated kernel-tmb packages fix security vulnerabilities

2018-05-31 23:34:08

gentoo

procps: Multiple vulnerabilities

2018-05-30 00:00:00

fedora

[SECURITY] Fedora 28 Update: kernel-4.16.10-300.fc28

2018-05-23 15:43:22

[SECURITY] Fedora 28 Update: kernel-4.16.11-300.fc28

2018-05-24 14:00:06

[SECURITY] Fedora 28 Update: kernel-4.16.12-300.fc28

2018-05-29 11:21:48

ubuntu

Linux kernel (Xenial HWE) vulnerabilities

2019-03-15 00:00:00

Linux kernel vulnerabilities

2019-03-15 00:00:00

Linux kernel (Azure, GCP, OEM) vulnerabilities

2018-08-28 00:00:00

cloudfoundry

USN-3910-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2019-04-12 00:00:00

USN-3752-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry

2018-09-27 00:00:00

zdt

Procps-ng - Multiple Vulnerabilities

2018-05-30 00:00:00

photon

Important Photon OS Security Update - PHSA-2018-0049

2018-05-22 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0206

2019-02-06 00:00:00

Important Photon OS Security Update - PHSA-2019-0206

2019-02-06 00:00:00

exploitpack

Procps-ng - Multiple Vulnerabilities

2018-05-30 00:00:00

packetstorm

Procps-ng Audit Report

2018-05-22 00:00:00

suse

Security update for the Linux Kernel (important)

2019-02-06 00:00:00

Security update for the Linux Kernel (important)

2018-07-28 15:17:43

exploitdb

Procps-ng - Multiple Vulnerabilities

2018-05-30 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2018-12-11 00:00:00

kernel security, bug fix, and enhancement update

2018-11-05 00:00:00

ibm

Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in Pacemaker, ImageMagick, gd-libgd, libxslt, cURL libcurl , Ghostscript.

2022-02-21 04:39:05

debian

[SECURITY] [DLA 1423-1] linux-4.9 new package

2018-07-18 15:37:11

centos

bpftool, kernel, perf, python security update

2018-11-15 18:40:28

slackware

[slackware-security] Slackware 14.2 kernel

2019-01-31 00:22:22

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

JSON

Related for RH:CVE-2018-1120