CVE-2018-11232

MEDIUM

Linux Kernel < 4.10.2 - Improper Input Validation

Title source: rule

Description

The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.2

Patch, Vendor Advisory x_refsource_misc

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f09444639099584bc4784dfcd85ada67c6f33e0f

Patch, Third Party Advisory x_refsource_misc

https://github.com/torvalds/linux/commit/f09444639099584bc4784dfcd85ada67c6f33e0f

View Patch ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0011

EPSS Percentile 29.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (1)

linux/linux_kernel < 4.10.2

Published May 18, 2018

Tracked Since Feb 18, 2026