CVE-2018-8822
Debian Security Advisory 4188-1
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.
Manipulación incorrecta de longitud de búfer en la función ncp_read_kernel en fs/ncpfs/ncplib_kernel.c en el kernel de Linux hasta la versión 4.15.11 y en drivers/staging/ncpfs/ncplib_kernel.c en el kernel de Linux 4.16-rc hasta 4.16-rc6 podría ser explotada por servidores NCPFS maliciosos para cerrar inesperadamente el kernel o ejecutar código.
Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service or possibly gain administrative privileges in the host. Various other issues were also addressed.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-03-20 CVE Reserved
- 2018-03-20 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2022/12/27/3 | Mailing List |
|
| http://www.securityfocus.com/bid/103476 | Broken Link | |
| https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mail-archive.com/netdev%40vger.kernel.org/msg223373.html | 2024-03-28 |
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/3653-1 | 2024-03-28 | |
| https://usn.ubuntu.com/3653-2 | 2024-03-28 | |
| https://usn.ubuntu.com/3654-1 | 2024-03-28 | |
| https://usn.ubuntu.com/3654-2 | 2024-03-28 | |
| https://usn.ubuntu.com/3655-1 | 2024-03-28 | |
| https://usn.ubuntu.com/3655-2 | 2024-03-28 | |
| https://usn.ubuntu.com/3656-1 | 2024-03-28 | |
| https://usn.ubuntu.com/3657-1 | 2024-03-28 | |
| https://www.debian.org/security/2018/dsa-4187 | 2024-03-28 | |
| https://www.debian.org/security/2018/dsa-4188 | 2024-03-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 2.6.12 < 3.2.102 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.2.102" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.16.57 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.16.57" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.103" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.52 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.52" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.125 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.125" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.91" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.31" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.15.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.15.14" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc4 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc5 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.16 Search vendor "Linux" for product "Linux Kernel" and version "4.16" | rc6 |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||