{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-23T16:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3849-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3849-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1094825"}, {"name": "USN-3849-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3849-2/"}, {"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348"}, {"tags": ["x_refsource_MISC"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348"}, {"name": "RHSA-2019:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0831"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18386", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3849-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3849-1/"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1094825", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1094825"}, {"name": "USN-3849-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3849-2/"}, {"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"}, {"name": "https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348"}, {"name": "RHSA-2019:0831", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0831"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:08:21.778Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3849-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3849-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1094825"}, {"name": "USN-3849-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3849-2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348"}, {"name": "RHSA-2019:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0831"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18386", "datePublished": "2018-10-17T20:00:00", "dateReserved": "2018-10-16T00:00:00", "dateUpdated": "2024-08-05T11:08:21.778Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A84E4D94-A9A4-424C-8262-0B7B89C8CB6D", "versionEndExcluding": "4.14.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ."}, {"lang": "es", "value": "drivers/tty/n_tty.c en el kernel de Linux en versiones anteriores a la 4.14.11 permite que atacantes locales (que pueden acceder a los pseudoterminales) bloqueen el uso de dispositivos pseudoterminal debido a una confusi\u00f3n EXTPROC versus ICANON en TIOCINQ."}], "id": "CVE-2018-18386", "lastModified": "2019-04-23T17:29:05.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-17T20:29:00.550", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:0831"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1094825"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Patch", "Third Party Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3849-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3849-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-704"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0831", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.7.1.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-04-23T00:00:00Z"}], "bugzilla": {"description": "kernel: Type confusion in drivers/tty/n_tty.c allows for a denial of service", "id": "1640598", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640598"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-843", "details": ["drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.", "A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler."], "name": "CVE-2018-18386", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-12-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-18386\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18386"], "threat_severity": "Moderate"}