Wind River Support Network


LIN8-9922 : Security Advisory - linux - CVE-2018-5848

Created: Oct 25, 2018    Updated: Dec 3, 2018
Resolved Date: Nov 12, 2018
Found In Version:
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Kernel


In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ie_len’ argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Steps to Reproduce


Other Downloads


Live chat