In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.
References
Link | Resource |
---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14 | Patch Third Party Advisory |
http://www.securityfocus.com/bid/104453 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2018:2948 | |
https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14 | Patch Third Party Advisory |
https://lkml.org/lkml/2018/6/5/14 | Third Party Advisory |
https://patchwork.ozlabs.org/patch/926519/ | Patch Third Party Advisory |
https://usn.ubuntu.com/3752-1/ | |
https://usn.ubuntu.com/3752-2/ | |
https://usn.ubuntu.com/3752-3/ |
Configurations
History
No history.
Information
Published : 2018-06-12 12:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-12232
Mitre link : CVE-2018-12232
CVE.ORG link : CVE-2018-12232
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')