CVE-2018-10675

HIGH

Linux Kernel < 4.12.9 - Use-After-Free in do_get_mempolicy

Title source: llm

Description

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

References (18)

Core 18

Core References

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3540

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2785

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2164

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2925

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2933

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2395

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2384

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3754-1/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3590

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104093

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2924

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:3586

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2791

Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpujul2020.html

Third Party Advisory x_refsource_confirm

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Patch, Vendor Advisory x_refsource_misc

https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99

View Patch ZIP pw:eip

Patch, Vendor Advisory x_refsource_misc

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99

Release Notes x_refsource_misc

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 11.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (23)

canonical/ubuntu_linux 14.04

linux/linux_kernel < 3.2.95

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_server_aus 6.4

redhat/enterprise_linux_server_aus 6.5

redhat/enterprise_linux_server_aus 6.6

redhat/enterprise_linux_server_aus 7.2

redhat/enterprise_linux_server_aus 7.3

redhat/enterprise_linux_server_aus 7.4

... and 13 more

Published May 02, 2018

Tracked Since Feb 18, 2026