Home CVE Database CVE-2018-9517

CVE-2018-9517

Description

A race condition between pppol2tp_session_create() and l2tp_eth_create() in net/l2tp/l2tp_netlink.c in the Linux kernel. Calling l2tp_tunnel_find() may result in a new tunnel being created with tunnel id of a previous removed tunnel which wouldn\'t be protected by the reference counter.

Priority: HIGH
CVSS v3: 6.7
Publish Date: Nov 11, 2018
Related ID: --
CVSS v2: MEDIUM
Modified Date: Nov 11, 2018

Find out more about CVE-2018-9517 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Fixed LIN10-5004
10.17.41.13 Wind River Linux LTS 10.17.41.13
Wind River Linux LTS 10.17.41.14
Wind River Linux LTS 10.17.41.15
Wind River Linux LTS 10.17.41.16
Wind River Linux LTS 10.17.41.17
Wind River Linux LTS 10.17.41.18
Wind River Linux LTS 10.17.41.20
Wind River Linux LTS 10.17.41.21
Wind River Linux LTS 10.17.41.22
Wind River Linux 9 Fixed LIN9-7751
9.0.0.20 --
Wind River Linux 8 Fixed LIN8-10077
8.0.0.29 --
Wind River Linux LTS 18 Not Vulnerable -- -- --
Wind River Linux LTS 19 Not Vulnerable -- -- --
Wind River Linux CD release Not Vulnerable -- -- --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Fixed -- 7.0.0.30 --
Linux 7 CGP Not Vulnerable -- -- --

Comments

linux

Live chat
Online