In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T11:16:00.392Z

Reserved: 2018-10-22T00:00:00

Link: CVE-2018-18559

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-10-22T16:29:00.360

Modified: 2024-11-21T03:56:09.357

Link: CVE-2018-18559

cve-icon Redhat

Severity : Important

Publid Date: 2018-06-15T00:00:00Z

Links: CVE-2018-18559 - Bugzilla

cve-icon OpenCVE Enrichment

No data.