#VU14453 Buffer overflow in Linux kernel - CVE-2018-9363
Published: August 17, 2018 / Updated: May 30, 2020
Vulnerability identifier: #VU14453
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-9363
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows an attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error in the hidp_process_report() function of the Bluetooth HIDP (Human Interface Device Profile) subsystem when processing Bluetooth packets: the report length is handled as a signed int although the caller derives it from an unsigned packet length, so a large value fails the upper-bound check and an oversized copy into the fixed-size report buffer follows (the upstream fix, included in the changelogs linked below, makes the length parameter unsigned). An attacker within Bluetooth range of the system can send specially crafted traffic to trigger memory corruption and perform a denial of service attack or execute arbitrary code. The vulnerable code is reachable only on systems where the Bluetooth HIDP support (CONFIG_BT_HIDP, the hidp module) is built in or loaded.
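As an added illustration (not code from this advisory, the kernel sources or the Linux Foundation), the following C model reproduces the shape of the flaw and of its fix: a bounds check performed on a signed int that the caller fills from an unsigned packet length, beside the same check with the length kept unsigned. The struct, the helper names and the sample report are simplified assumptions made for this example; HID_MAX_BUFFER_SIZE is the kernel's report size limit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Upper bound the kernel applies to a HID report (include/linux/hid.h). */
#define HID_MAX_BUFFER_SIZE 16384

/* Simplified stand-in for the kernel's session object: a fixed-size
 * buffer that each report is copied into before being handed to HID. */
struct hidp_session {
    uint8_t input_buf[HID_MAX_BUFFER_SIZE];
};

/* Pre-fix shape: the length arrives as a signed int even though the caller
 * derives it from an unsigned packet length.  A value with the top bit set
 * is negative here, is NOT clamped, and is then widened to size_t for
 * memcpy.  Returns the byte count memcpy would be given. */
size_t vulnerable_copy_len(int len)
{
    if (len > HID_MAX_BUFFER_SIZE)
        len = HID_MAX_BUFFER_SIZE;
    return (size_t)len;        /* e.g. -16 becomes SIZE_MAX - 15 */
}

/* Fixed shape: the length stays unsigned end to end, so the clamp holds. */
size_t fixed_copy_len(unsigned int len)
{
    if (len > HID_MAX_BUFFER_SIZE)
        len = HID_MAX_BUFFER_SIZE;
    return (size_t)len;
}

/* Would the pre-fix path overrun input_buf for this packet length?
 * The int cast models the implicit unsigned -> int conversion at the call
 * site; on two's-complement targets a value above INT_MAX wraps negative. */
int vulnerable_overflows(unsigned int skb_len)
{
    return vulnerable_copy_len((int)skb_len) >
           sizeof(((struct hidp_session *)0)->input_buf);
}

int fixed_overflows(unsigned int skb_len)
{
    return fixed_copy_len(skb_len) >
           sizeof(((struct hidp_session *)0)->input_buf);
}

/* Fixed report handler: copies at most HID_MAX_BUFFER_SIZE bytes of a
 * packet of length len and returns the number copied.  (The kernel then
 * passes the buffer on to the HID core; that step is omitted here.) */
size_t process_report_fixed(struct hidp_session *s, const uint8_t *data,
                            unsigned int len)
{
    size_t n = fixed_copy_len(len);
    memcpy(s->input_buf, data, n);
    return n;
}

int main(void)
{
    static struct hidp_session session;
    /* Constructed sample report: a 100-byte payload, not a real capture. */
    static uint8_t report[100];
    memset(report, 0xA5, sizeof report);

    unsigned int lengths[] = { 100u, 20000u, 0xFFFFFFF0u };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("len=%u  pre-fix overflow=%d  fixed overflow=%d\n",
               lengths[i], vulnerable_overflows(lengths[i]),
               fixed_overflows(lengths[i]));

    printf("copied %zu bytes\n", process_report_fixed(&session, report, 100u));
    return 0;
}
```

The point to take from the model is that the clamp on the signed version is correct for every length a legitimate peer sends (100 bytes passes, 20000 is cut to 16384) and only fails for a length whose top bit is set; a compiler warning such as -Wsign-conversion at the call site is the cheapest way to catch this class of bug before it reaches memcpy.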
Remediation
Update to a kernel that contains the fix: 4.4.149, 4.9.121, 4.14.64, 4.17.16, 4.18.2 or later (see the changelogs linked below), or the corresponding patched kernel package from your distribution. Until the update is applied, exposure can be reduced on hosts that do not need Bluetooth input devices by not loading the hidp module (check with lsmod | grep hidp) or by disabling Bluetooth.
External links
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.64
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.121
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.149
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.2
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.16