Wind River Support Network

HomeDefectsLIN8-9223
Fixed

LIN8-9223 : Security Advisory - linux - CVE-2018-1120

Created: May 24, 2018    Updated: Feb 20, 2019
Resolved Date: Jan 19, 2019
Found In Version: 8.0.0.25
Fix Version: 8.0.0.29
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Kernel

Description

An attacker can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE file (Filesystem in Userspace) onto this process's command-line arguments. The attacker can therefore block pgrep, pidof, pkill, ps, and w, either forever (a denial of service), or for some controlled time (a synchronization tool for exploiting other vulnerabilities).

https://security.archlinux.org/CVE-2018-1120
https://www.securityfocus.com/bid/104229/discuss
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt

Other Downloads


CVEs


Live chat
Online