Home

CVE-2018-18445

Description

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.045

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel for Microsoft Azure Cloud systems (USN-3820-3) linux-image-azure_4.15.0.1036.23_amd64.debLinux
Linux kernel (USN-3847-1) linux-image-generic_4.15.0.43.45_i386.debLinux
Linux kernel (USN-3847-1) linux-image-generic_4.15.0.43.45_amd64.debLinux
Linux kernel (USN-3847-1) linux-image-4.15.0-1026-gcp_4.15.0-1026.27_amd64.debLinux
Linux kernel (USN-3847-1) linux-image-4.15.0-1028-kvm_4.15.0-1028.28_amd64.debLinux
Linux kernel (USN-3847-1) linux-image-4.15.0-1030-oem_4.15.0-1030.35_amd64.debLinux
Linux kernel (USN-3847-1) linux-image-4.15.0-1031-aws_4.15.0-1031.33_amd64.debLinux
Linux kernel (USN-3847-1) linux-image-4.15.0-1036-azure_4.15.0-1036.38_amd64.debLinux
Linux kernel (USN-3847-1) linux-image-4.15.0-43-generic_4.15.0-43.46_i386.debLinux
Linux kernel (USN-3847-1) linux-image-4.15.0-43-generic_4.15.0-43.46_amd64.debLinux
Linux kernel (USN-3847-1) linux-image-4.15.0-43-lowlatency_4.15.0-43.46_i386.debLinux
Linux kernel (USN-3847-1) linux-image-4.15.0-43-lowlatency_4.15.0-43.46_amd64.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-aws-hwe_4.15.0.1031.32_amd64.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-1026-gcp_4.15.0-1026.27~16.04.1_amd64.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-1031-aws_4.15.0-1031.33~16.04.1_amd64.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-1036-azure_4.15.0-1036.38~16.04.1_amd64.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-43-generic_4.15.0-43.46~16.04.1_i386.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-43-generic_4.15.0-43.46~16.04.1_amd64.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-generic-hwe-16.04_4.15.0.43.64_i386.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-generic-hwe-16.04_4.15.0.43.64_amd64.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-43-lowlatency_4.15.0-43.46~16.04.1_i386.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-4.15.0-43-lowlatency_4.15.0-43.46~16.04.1_amd64.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-lowlatency-hwe-16.04_4.15.0.43.64_i386.debLinux
Linux kernel for Amazon Web Services (AWS-HWE) systems (USN-3847-2) linux-image-lowlatency-hwe-16.04_4.15.0.43.64_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3847-3) linux-image-azure_4.15.0.1036.23_amd64.debLinux
Linux kernel for Microsoft Azure Cloud systems (USN-3847-3) linux-image-4.15.0-1036-azure_4.15.0-1036.38~14.04.2_amd64.debLinux
Linux kernel (USN-3835-1) linux-image-4.18.0-1004-gcp_4.18.0-1004.5_amd64.debLinux
Linux kernel (USN-3835-1) linux-image-4.18.0-1005-kvm_4.18.0-1005.5_amd64.debLinux
Linux kernel (USN-3835-1) linux-image-4.18.0-12-generic_4.18.0-12.13_i386.debLinux
Linux kernel (USN-3835-1) linux-image-4.18.0-12-generic_4.18.0-12.13_amd64.debLinux
Linux kernel (USN-3835-1) linux-image-4.18.0-12-lowlatency_4.18.0-12.13_i386.debLinux
Linux kernel (USN-3835-1) linux-image-4.18.0-12-lowlatency_4.18.0-12.13_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234