{"containers": {"cna": {"affected": [{"product": "Linux Kernel", "vendor": "Linux Kernel Organization, Inc.", "versions": [{"status": "affected", "version": "4.x"}]}], "datePublic": "2018-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-10T15:06:12", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-4187", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4187"}, {"name": "USN-3654-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3654-1/"}, {"name": "USN-3674-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3674-1/"}, {"name": "USN-3677-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3677-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"}, {"name": "DSA-4188", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4188"}, {"name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://marc.info/?l=linux-netdev&m=152023808817590&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"name": "USN-3674-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3674-2/"}, {"name": "RHSA-2018:1355", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"name": "RHSA-2018:2948", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"name": "103459", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103459"}, {"name": "RHSA-2018:1318", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"name": "USN-3677-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3677-2/"}, {"name": "USN-3654-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3654-2/"}, {"name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://marc.info/?l=linux-netdev&m=152025888924151&w=2"}, {"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"name": "USN-3656-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3656-1/"}, {"name": "RHSA-2019:1170", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1170"}, {"name": "RHSA-2019:1190", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1190"}, {"name": "RHSA-2019:4159", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4159"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-03-05T00:00:00", "ID": "CVE-2018-1068", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Linux Kernel", "version": {"version_data": [{"version_value": "4.x"}]}}]}, "vendor_name": "Linux Kernel Organization, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119"}]}]}, "references": {"reference_data": [{"name": "DSA-4187", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4187"}, {"name": "USN-3654-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-1/"}, {"name": "USN-3674-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-1/"}, {"name": "USN-3677-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-1/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"}, {"name": "DSA-4188", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4188"}, {"name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries", "refsource": "MLIST", "url": "https://marc.info/?l=linux-netdev&m=152023808817590&w=2"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"name": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"name": "USN-3674-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3674-2/"}, {"name": "RHSA-2018:1355", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"name": "103459", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103459"}, {"name": "RHSA-2018:1318", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"name": "USN-3677-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3677-2/"}, {"name": "USN-3654-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3654-2/"}, {"name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries", "refsource": "MLIST", "url": "https://marc.info/?l=linux-netdev&m=152025888924151&w=2"}, {"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"name": "USN-3656-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3656-1/"}, {"name": "RHSA-2019:1170", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1170"}, {"name": "RHSA-2019:1190", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1190"}, {"name": "RHSA-2019:4159", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4159"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:47.340Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-4187", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4187"}, {"name": "USN-3654-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3654-1/"}, {"name": "USN-3674-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3674-1/"}, {"name": "USN-3677-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3677-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"}, {"name": "DSA-4188", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4188"}, {"name": "[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://marc.info/?l=linux-netdev&m=152023808817590&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"name": "USN-3674-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3674-2/"}, {"name": "RHSA-2018:1355", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"name": "RHSA-2018:2948", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"name": "103459", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103459"}, {"name": "RHSA-2018:1318", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"name": "USN-3677-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3677-2/"}, {"name": "USN-3654-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3654-2/"}, {"name": "[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entries", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://marc.info/?l=linux-netdev&m=152025888924151&w=2"}, {"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"name": "USN-3656-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3656-1/"}, {"name": "RHSA-2019:1170", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1170"}, {"name": "RHSA-2019:1190", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1190"}, {"name": "RHSA-2019:4159", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4159"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1068", "datePublished": "2018-03-16T16:00:00Z", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-09-16T16:13:09.145Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "085D47E4-E0D3-4433-BEE9-A6DC9F417727", "versionEndExcluding": "3.2.102", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0786B96E-E04C-4D2B-B358-CCE006BAED46", "versionEndExcluding": "3.16.57", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "631D13AB-3797-454F-92B5-C7622ACA7ED9", "versionEndExcluding": "3.18.100", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B94FB91-F52F-4470-BD90-5F2A159A06EB", "versionEndExcluding": "4.1.51", "versionStartIncluding": "3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ADCBD0D-A6F7-49EC-AF7A-BE07FDB1D7B4", "versionEndExcluding": "4.4.122", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5946C1C1-D807-40A1-9C0E-17F3A3555E57", "versionEndExcluding": "4.9.88", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9174B92E-72E7-4654-9020-FFF426EEA823", "versionEndExcluding": "4.14.27", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "03AA527D-32A8-47C0-A5AE-DC9512401BAE", "versionEndExcluding": "4.15.10", "versionStartIncluding": "4.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory."}, {"lang": "es", "value": "Se ha encontrado un error en la implementaci\u00f3n de la interfaz syscall de 32 bits para puentes de red (bridging) en el kernel de las versiones 4.x de Linux. Esto permit\u00eda que un usuario privilegiado escribiese de forma arbitraria en un rango limitado de memoria del kernel."}], "id": "CVE-2018-1068", "lastModified": "2024-11-21T03:59:06.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-16T16:29:00.207", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103459"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1170"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1190"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:4159"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://marc.info/?l=linux-netdev&m=152023808817590&w=2"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://marc.info/?l=linux-netdev&m=152025888924151&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3654-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3654-2/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3656-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3674-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3674-2/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3677-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3677-2/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4187"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1318"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1355"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1190"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:4159"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://marc.info/?l=linux-netdev&m=152023808817590&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://marc.info/?l=linux-netdev&m=152025888924151&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3654-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3654-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3656-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3674-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3674-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3677-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3677-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4188"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:1355", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-862.2.3.rt56.806.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-05-08T00:00:00Z"}, {"advisory": "RHSA-2018:1318", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-862.2.3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-05-08T00:00:00Z"}, {"advisory": "RHSA-2018:2948", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}, {"advisory": "RHSA-2019:4159", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.71.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4159", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "kernel-0:3.10.0-514.71.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:4159", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "kernel-0:3.10.0-514.71.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-12-10T00:00:00Z"}, {"advisory": "RHSA-2019:1170", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "kernel-0:3.10.0-693.47.2.el7", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-05-14T00:00:00Z"}, {"advisory": "RHSA-2019:1190", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-693.47.2.rt56.641.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2019-05-14T00:00:00Z"}], "bugzilla": {"description": "kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c", "id": "1552048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.", "A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory."], "name": "CVE-2018-1068", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-03-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1068\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1068"], "threat_severity": "Important", "upstream_fix": "kernel-3.10.0 862.1.1.el7"}