Wind River Support Network


LIN10-4856 : Security Advisory - linux - CVE-2018-5848

Created: Oct 28, 2018    Updated: May 13, 2022
Resolved Date: Nov 8, 2018
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Kernel


In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ie_len’ argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Steps to Reproduce


Other Downloads


Live chat