CVE-2018-5873

EUVD-2018-17640
An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
googleandroid
-
linuxlinux_kernel
3.19 ≤
𝑥
< 4.1.50
linuxlinux_kernel
4.2 ≤
𝑥
< 4.4.116
linuxlinux_kernel
4.5 ≤
𝑥
< 4.9.82
linuxlinux_kernel
4.10 ≤
𝑥
< 4.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
jessie
not-affected
sid
6.11.6-1
fixed
trixie
6.11.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
artful
not-affected
bionic
not-affected
trusty
not-affected
xenial
Fixed 4.4.0-121.145
released
linux-aws
artful
dne
bionic
not-affected
trusty
Fixed 4.4.0-1017.17
released
xenial
Fixed 4.4.0-1055.64
released
linux-azure
artful
dne
bionic
not-affected
trusty
not-affected
xenial
not-affected
linux-azure-edge
artful
dne
bionic
pending
trusty
dne
xenial
not-affected
linux-euclid
artful
dne
bionic
dne
trusty
dne
xenial
ignored
linux-flo
artful
dne
bionic
dne
trusty
dne
xenial
ignored
linux-gcp
artful
dne
bionic
not-affected
trusty
dne
xenial
Fixed 4.13.0-1002.5
released
linux-gke
artful
dne
bionic
dne
trusty
dne
xenial
ignored
linux-goldfish
artful
dne
bionic
dne
trusty
dne
xenial
ignored
linux-grouper
artful
dne
bionic
dne
trusty
dne
xenial
dne
linux-hwe
artful
dne
bionic
not-affected
trusty
dne
xenial
Fixed 4.13.0-26.29~16.04.2
released
linux-hwe-edge
artful
dne
bionic
Fixed 4.18.0-8.9~18.04.1
released
trusty
dne
xenial
Fixed 4.13.0-26.29~16.04.2
released
linux-kvm
artful
dne
bionic
not-affected
trusty
dne
xenial
Fixed 4.4.0-1021.26
released
linux-lts-trusty
artful
dne
bionic
dne
trusty
dne
xenial
dne
linux-lts-utopic
artful
dne
bionic
dne
trusty
dne
xenial
dne
linux-lts-vivid
artful
dne
bionic
dne
trusty
dne
xenial
dne
linux-lts-wily
artful
dne
bionic
dne
trusty
dne
xenial
dne
linux-lts-xenial
artful
dne
bionic
dne
trusty
Fixed 4.4.0-121.145~14.04.1
released
xenial
dne
linux-maguro
artful
dne
bionic
dne
trusty
dne
xenial
dne
linux-mako
artful
dne
bionic
dne
trusty
dne
xenial
ignored
linux-manta
artful
dne
bionic
dne
trusty
dne
xenial
dne
linux-oem
artful
dne
bionic
not-affected
trusty
dne
xenial
not-affected
linux-raspi2
artful
not-affected
bionic
not-affected
trusty
dne
xenial
Fixed 4.4.0-1087.95
released
linux-snapdragon
artful
Fixed 4.4.0-1090.95
released
bionic
not-affected
trusty
dne
xenial
Fixed 4.4.0-1090.95
released
Common Weakness Enumeration
References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073c516ff73557a8f7315066856c04b50383ac34
https://github.com/torvalds/linux/commit/073c516ff73557a8f7315066856c04b50383ac34
https://source.android.com/security/bulletin/2018-07-01
https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=34742aaf7cb16c95edba4a7afed6d2c4fa7e434b
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073c516ff73557a8f7315066856c04b50383ac34
https://github.com/torvalds/linux/commit/073c516ff73557a8f7315066856c04b50383ac34
https://source.android.com/security/bulletin/2018-07-01
https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=34742aaf7cb16c95edba4a7afed6d2c4fa7e434b
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin