CVE-2018-8043 - OpenCVE

The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

No data.

References

Link	Providers
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
http://www.securitytracker.com/id/1040749
https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
https://nvd.nist.gov/vuln/detail/CVE-2018-8043
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3630-1/
https://usn.ubuntu.com/3630-2/
https://usn.ubuntu.com/3632-1/
https://www.cve.org/CVERecord?id=CVE-2018-8043

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-10T22:00:00

Updated: 2024-08-05T06:46:12.147Z

Reserved: 2018-03-10T00:00:00

Link: CVE-2018-8043

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-03-10T22:29:00.397

Modified: 2019-03-04T19:11:06.430

Link: CVE-2018-8043

Redhat

Severity : Low

Publid Date: 2018-01-11T00:00:00Z

Links: CVE-2018-8043 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-03-10T00:00:00", "descriptions": [{"lang": "en", "value": "The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-09T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3619-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "USN-3630-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3630-2/"}, {"name": "USN-3632-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3632-1/"}, {"tags": ["x_refsource_MISC"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"}, {"name": "USN-3630-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3630-1/"}, {"name": "USN-3619-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3619-1/"}, {"name": "1040749", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040749"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-8043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3619-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "USN-3630-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3630-2/"}, {"name": "USN-3632-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3632-1/"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"}, {"name": "https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"}, {"name": "USN-3630-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3630-1/"}, {"name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/"}, {"name": "1040749", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040749"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:46:12.147Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3619-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3619-2/"}, {"name": "USN-3630-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3630-2/"}, {"name": "USN-3632-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3632-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"}, {"name": "USN-3630-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3630-1/"}, {"name": "USN-3619-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3619-1/"}, {"name": "1040749", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040749"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-8043", "datePublished": "2018-03-10T22:00:00", "dateReserved": "2018-03-10T00:00:00", "dateUpdated": "2024-08-05T06:46:12.147Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0278205C-4B96-48BC-B53F-14897F367C40", "versionEndIncluding": "4.15.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference)."}, {"lang": "es", "value": "La funci\u00f3n unimac_mdio_probe en drivers/net/phy/mdio-bcm-unimac.c en el kernel de Linux hasta la versi\u00f3n 4.15.8 no valida la disponibilidad de ciertos recursos. Esto permite que usuarios locales provoquen una denegaci\u00f3n de servicio (desreferencia de puntero NULL)."}], "id": "CVE-2018-8043", "lastModified": "2019-03-04T19:11:06.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-10T22:29:00.397", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040749"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3619-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3619-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3630-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3630-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3632-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service", "id": "1554199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1554199"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-252->CWE-476", "details": ["The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).", "The Linux kernel was found vulnerable to a NULL pointer dereference in the drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() function caused by an unchecked return value from the platform_get_resource() function. A successful flaw exploitation can cause a system panic and a denial of service. This flaw is believed not to be an attacker triggerable as bad return value can be caused by hardware misconfiguration."], "name": "CVE-2018-8043", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2018-01-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-8043\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8043"], "threat_severity": "Low", "upstream_fix": "kernel 4.16-rc1"}