CVE-2018-18386

LOW

Linux Kernel <4.14.11 - DoS

Title source: llm

Description

drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.

References (7)

[Third Party Advisory] https://usn.ubuntu.com/3849-1/

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.suse.com/show_bug.cgi?id=1094825

[Third Party Advisory] https://usn.ubuntu.com/3849-2/

[Patch, Release Notes, Third Party Advisory] https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11

[Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348

View Patch ZIP pw:eip

[Patch, Vendor Advisory] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2019:0831

Scores

CVSS v3 3.3

EPSS 0.0004

EPSS Percentile 12.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-704

Status published

Products (3)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

linux/linux_kernel < 4.14.11

Published Oct 17, 2018

Tracked Since Feb 18, 2026