← back
CVE-2018-1120

CVE-2018-1120

CVSS 2.8 LOWEPSS 7.3%CWE-122
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Affected products
[UNKNOWN] · kernel
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44806/unverifiedexploitdbwww.exploit-db.com/exploits/44806unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2018:2948https://access.redhat.com/errata/RHSA-2018:3083https://access.redhat.com/errata/RHSA-2018:3096https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120http://seclists.org/oss-sec/2018/q2/122https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830https://lists.debian.org/debian-lts-announce/2018/07/msg00020.htmlhttps://security.gentoo.org/glsa/201805-14https://usn.ubuntu.com/3752-1/https://usn.ubuntu.com/3752-2/https://usn.ubuntu.com/3752-3/https://usn.ubuntu.com/3910-1/