CVE-2018-13406
EUVD-2018-534906.07.2018, 14:29
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.24 ≤ 𝑥 < 3.16.58 |
| linux | linux_kernel | 3.17 ≤ 𝑥 < 3.18.114 |
| linux | linux_kernel | 3.19 ≤ 𝑥 < 4.4.139 |
| linux | linux_kernel | 4.5 ≤ 𝑥 < 4.9.111 |
| linux | linux_kernel | 4.10 ≤ 𝑥 < 4.14.53 |
| linux | linux_kernel | 4.15 ≤ 𝑥 < 4.17.4 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||||
| linux-aws |
| ||||||||||
| linux-azure |
| ||||||||||
| linux-azure-edge |
| ||||||||||
| linux-euclid |
| ||||||||||
| linux-flo |
| ||||||||||
| linux-gcp |
| ||||||||||
| linux-gke |
| ||||||||||
| linux-goldfish |
| ||||||||||
| linux-grouper |
| ||||||||||
| linux-hwe |
| ||||||||||
| linux-hwe-edge |
| ||||||||||
| linux-kvm |
| ||||||||||
| linux-lts-trusty |
| ||||||||||
| linux-lts-utopic |
| ||||||||||
| linux-lts-vivid |
| ||||||||||
| linux-lts-wily |
| ||||||||||
| linux-lts-xenial |
| ||||||||||
| linux-maguro |
| ||||||||||
| linux-mako |
| ||||||||||
| linux-manta |
| ||||||||||
| linux-oem |
| ||||||||||
| linux-raspi2 |
| ||||||||||
| linux-snapdragon |
|
References