CVE-2017-18232
kernel: Mishandling mutex within libsas allowing local Denial of Service
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
La implementación SAS (Serial Attached SCSI) en el kernel de Linux, hasta la versión 4.15.9, gestiona de manera incorrecta un mutex en libsas. Esto permite que usuarios locales provoquen una denegación de servicio (deadlock) desencadenando cierto código de gestión de errores.
The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-03-14 CVE Reserved
- 2018-03-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-833: Deadlock
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/103423 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:3083 | 2019-10-03 | |
https://access.redhat.com/errata/RHSA-2018:3096 | 2019-10-03 | |
https://usn.ubuntu.com/4163-1 | 2019-10-03 | |
https://usn.ubuntu.com/4163-2 | 2019-10-03 | |
https://www.debian.org/security/2018/dsa-4187 | 2019-10-03 | |
https://access.redhat.com/security/cve/CVE-2017-18232 | 2018-10-30 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1558066 | 2018-10-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.15.9 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.15.9" | - |
Affected
|