CVE-2018-9568

kernel: Memory corruption due to incorrect socket cloning

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.

En sk_clone_lock en sock.c, hay una posible corrupción de memoria debido a una confusión de tipos. Esto podría llevar a un escalado de privilegios local sin necesitar privilegios de ejecución adicionales. No se necesita interacción del usuario para explotarlo. Producto: Android. Versiones: Android kernel. Android ID: A-113509306. Referencias: Upstream kernel.

A possible memory corruption due to a type confusion was found in the Linux kernel in the sk_clone_lock() function in the net/core/sock.c. The possibility of local escalation of privileges cannot be fully ruled out for a local unprivileged attacker.

It was discovered that the CIFS client implementation in the Linux kernel did not properly handle setup negotiation during session recovery, leading to a NULL pointer exception. An attacker could use this to create a malicious CIFS server that caused a denial of service. Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-04-05 CVE Reserved
2018-12-06 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-122: Heap-based Buffer Overflow
CWE-704: Incorrect Type Conversion or Cast

CAPEC

References (15)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://source.android.com/security/bulletin/2018-12-01	2023-02-24

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:0512	2023-02-24
https://access.redhat.com/errata/RHSA-2019:0514	2023-02-24
https://access.redhat.com/errata/RHSA-2019:2696	2023-02-24
https://access.redhat.com/errata/RHSA-2019:2730	2023-02-24
https://access.redhat.com/errata/RHSA-2019:2736	2023-02-24
https://access.redhat.com/errata/RHSA-2019:3967	2023-02-24
https://access.redhat.com/errata/RHSA-2019:4056	2023-02-24
https://access.redhat.com/errata/RHSA-2019:4159	2023-02-24
https://access.redhat.com/errata/RHSA-2019:4164	2023-02-24
https://access.redhat.com/errata/RHSA-2019:4255	2023-02-24
https://usn.ubuntu.com/3880-1	2023-02-24
https://usn.ubuntu.com/3880-2	2023-02-24
https://access.redhat.com/security/cve/CVE-2018-9568	2019-12-17
https://bugzilla.redhat.com/show_bug.cgi?id=1655904	2019-12-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				-		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 3.10.108 Search vendor "Linux" for product "Linux Kernel" and version " < 3.10.108"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.11 < 3.16.58 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.16.58"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.17 < 3.18.77 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.77"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 4.1.46 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.46"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.2 < 4.4.94 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.94"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 4.9.55 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.55"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 4.13.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.13.6"		-		Affected