CVE-2018-9568 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2018-9568?

CVE-2018-9568 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-9568?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.

Vulnerability Description

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Android	-
Canonical	Ubuntu Linux	12.04
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.6
Redhat	Enterprise Linux Server Eus	7.6
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Workstation	7.0
Linux	Linux Kernel	< 3.10.108

Related Weaknesses (CWE)

CWE-704

References

https://access.redhat.com/errata/RHSA-2019:0512Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0514Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2696Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2730Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2736Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3967Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4056Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4159Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4164Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4255Third Party Advisory
https://source.android.com/security/bulletin/2018-12-01PatchVendor Advisory
https://usn.ubuntu.com/3880-1/Third Party Advisory
https://usn.ubuntu.com/3880-2/Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0512Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0514Third Party Advisory

FAQ

What is CVE-2018-9568?

CVE-2018-9568 is a vulnerability with a CVSS score of 7.8 (HIGH). In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...

How severe is CVE-2018-9568?

CVE-2018-9568 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-9568?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Canonical Ubuntu Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.