CVE-2018-5814
Vexday Risk Score
3 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS — · EPSS 0.4% · KEV no · PoC — · Nuclei — · Metasploit — · Patch referenced
Lifecycle
12 Jun 2018: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
Affected products
Linux Foundation · Linux Kernel
References
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
https://secuniaresearch.flexerasoftware.com/advisories/81540/
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/