CVE-2018-1120 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Denial of service |
| Description | A denial of service has been found in Linux <= 4.16.9. An attacker can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE file (Filesystem in Userspace) onto this process's command-line arguments. The attacker can therefore block pgrep, pidof, pkill, ps, and w, either forever (a denial of service), or for some controlled time (a synchronization tool for exploiting other vulnerabilities). |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-704 | linux-zen | 4.16.9-1 | 4.17-1 | High | Fixed | |
| AVG-703 | linux-hardened | 4.16.9.a-1 | 4.17a-1 | High | Fixed | |
| AVG-702 | linux-lts | 4.14.41-1 | 4.14.44-1 | High | Fixed | |
| AVG-701 | linux | 4.16.9-1 | 4.17.2-1 | High | Fixed |
| References |
|---|
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830 |
| Notes |
|---|
Fixed in v4.17 |