uthrasri / Linux_kernel_4.19.72

0 stars 0 forks source link

CVE-2018-20669 (High) detected in linuxlinux-4.19.72 #27

Open mend-bolt-for-github[bot] opened 11 months ago

mend-bolt-for-github[bot] commented 11 months ago

CVE-2018-20669 - High Severity Vulnerability

Vulnerable Library - linuxlinux-4.19.72

The Linux Kernel

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux

Found in HEAD commit: ed48650604b1d1d694b8e4b96732faa74080f35a

Found in base branch: master

Vulnerable Source Files (1)

/include/linux/uaccess.h

Vulnerability Details

An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.

Publish Date: 2019-03-18

URL: CVE-2018-20669

CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20669

Release Date: 2019-03-21

Fix Resolution: v5.0-rc1


Step up your Open Source Security Game with Mend here