CVE-2018-14734

HIGH

Linux kernel <4.17.11 - DoS

Title source: llm
STIX 2.1

Description

drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).

References (14)

Core 14
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3797-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3847-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3797-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3847-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3849-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3849-2/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4308
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3847-3/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:0831
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2043
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2029

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 8.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (7)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
debian/debian_linux 8.0
debian/debian_linux 9.0
linux/linux_kernel < 4.17.11
Published Jul 29, 2018
Tracked Since Feb 18, 2026