CVE-2018-1120

Source
Severity Medium
Remote No
Type Denial of service
Description
A denial of service has been found in Linux <= 4.16.9. An attacker can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE file (Filesystem in Userspace) onto this process's command-line arguments. The attacker can therefore block pgrep, pidof, pkill, ps, and w, either forever (a denial of service), or for some controlled time (a synchronization tool for exploiting other vulnerabilities).
Group Package Affected Fixed Severity Status Ticket
AVG-704 linux-zen 4.16.9-1 Medium Vulnerable
AVG-703 linux-hardened 4.16.9.a-1 Medium Vulnerable
AVG-702 linux-lts 4.14.41-1 Medium Vulnerable
AVG-701 linux 4.16.9-1 Medium Vulnerable
References
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830