CVE-2018-18386
LOWLinux Kernel < 4.14.11 - Denial of Service via TIOCINQ EXTPROC/ICANON Confusion
Title source: llmDescription
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3849-1/
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=1094825
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3849-2/
Patch, Release Notes, Third Party Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348
Patch, Vendor Advisory x_refsource_misc
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:0831
Scores
CVSS v3
3.3
EPSS
0.0041
EPSS Percentile
32.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-704
Status
published
Products (3)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
linux/linux_kernel
< 4.14.11
Published
Oct 17, 2018
Tracked Since
Feb 18, 2026