CVE - CVE-2018-16885

CVE-ID
CVE-2018-16885	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:106296 URL:http://www.securityfocus.com/bid/106296 MISC:RHSA-2019:2029 URL:https://access.redhat.com/errata/RHSA-2019:2029 MISC:RHSA-2019:2043 URL:https://access.redhat.com/errata/RHSA-2019:2043 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885 URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885
Assigning CNA
Red Hat, Inc.
Date Record Created
20180911	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20180911)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)