CVE Vulnerability

CVE-2018-14619

A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b32a7dc8aef1882fbf983eb354837488cc9d54dc Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14619 Issue Tracking Third Party Advisory
http://www.securityfocus.com/bid/105200 Third Party Advisory VDB Entry
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0013 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2948 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:4.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.15:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Information

Published : 2018-08-30 12:29

Updated : 2023-02-24 06:43

NVD link : CVE-2018-14619

Mitre link : CVE-2018-14619

Products Affected

Linux

Linux Kernel

CWE
CWE-20