CVE-2018-10675
kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
La funciĆ³n do_get_mempolicy en mm/mempolicy.c en el kernel de Linux, en versiones anteriores a la 4.12.9, permite que los usuarios locales provoquen una denegaciĆ³n de servicio (uso de memoria previamente liberada) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas.
The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-05-02 CVE Reserved
- 2018-05-02 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104093 | Third Party Advisory | |
| https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 | Third Party Advisory | |
| https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9 | Release Notes | |
| https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2164 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:2384 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:2395 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:2785 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:2791 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:2924 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:2925 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:2933 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:3540 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:3586 | 2023-02-24 | |
| https://access.redhat.com/errata/RHSA-2018:3590 | 2023-02-24 | |
| https://usn.ubuntu.com/3754-1 | 2023-02-24 | |
| https://access.redhat.com/security/cve/CVE-2018-10675 | 2018-11-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1575065 | 2018-11-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.2.95 Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.95" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.16.50 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.16.50" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.67 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.67" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.45 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.45" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.84 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.84" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.45 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.45" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.12.9" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Virtualization Host Search vendor "Redhat" for product "Virtualization Host" | 4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.5 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 6.7 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "6.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "6.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||