CVE-2018-18445
HIGHCanonical Ubuntu Linux < 4.14.75 - Out-of-Bounds Read
Title source: ruleDescription
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
Exploits (1)
github
WORKING POC
by fabrizioperna · cpoc
https://github.com/fabrizioperna/ebpf-verifier-cve-pocs/tree/main/CVE-2018-18445
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
Status
published
Products (12)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
linux/linux_kernel
4.14.9 - 4.14.75
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_server
7.0
redhat/enterprise_linux_server
7.6
redhat/enterprise_linux_server_aus
7.6
redhat/enterprise_linux_server_eus
7.6
... and 2 more
Published
Oct 17, 2018
Tracked Since
Feb 18, 2026