CVE-2018-18559 in Red Hat and Linux Products
Published on October 22, 2018

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-18559

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-18559 are published in these products:

Red Hat Openshift Container Platform

Red Hat Virtualization Host

Linux Kernel

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Eus

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Workstation

Exploit Probability

EPSS

0.84%

Percentile

74.37%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-18559 in Red Hat and Linux ProductsPublished on October 22, 2018

Products Associated with CVE-2018-18559

Exploit Probability

CVE-2018-18559 in Red Hat and Linux Products
Published on October 22, 2018