CVE-2018-18559

moderate-risk

Published 2018-10-22

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

Do I need to act?

0.84% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (9)

Linux Kernel

Openshift Container Platform

Virtualization Host

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Affected Vendors

Redhat Linux

References (18)

Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0327

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0163

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0188

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1170

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:1190

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3967

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4159

Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0174

Exploit https://blogs.securiteam.com/index.php/archives/3731