CVE-2018-18386 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2018-18386?

CVE-2018-18386 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-18386?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux.

Vulnerability Description

drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.

CVSS Score

3.3

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 4.14.11
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-704

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031PatchVendor Advisory
https://access.redhat.com/errata/RHSA-2019:0831
https://bugzilla.suse.com/show_bug.cgi?id=1094825Issue TrackingPatchThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11PatchRelease NotesThird Party Advisory
https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f05634PatchThird Party Advisory
https://usn.ubuntu.com/3849-1/Third Party Advisory
https://usn.ubuntu.com/3849-2/Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031PatchVendor Advisory
https://access.redhat.com/errata/RHSA-2019:0831
https://bugzilla.suse.com/show_bug.cgi?id=1094825Issue TrackingPatchThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11PatchRelease NotesThird Party Advisory
https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f05634PatchThird Party Advisory
https://usn.ubuntu.com/3849-1/Third Party Advisory
https://usn.ubuntu.com/3849-2/Third Party Advisory

FAQ

What is CVE-2018-18386?

CVE-2018-18386 is a vulnerability with a CVSS score of 3.3 (LOW). drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC ver...

How severe is CVE-2018-18386?

CVE-2018-18386 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-18386?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux.