CVE-2018-16885

Description

A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.

CVSS Version 3.0
CVSS Version 2.0

nvd
CVE ID: CVE-2018-16885
Base Score: 5.5
Base Severity: MEDIUM
Vector String:CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

redhat
CVE ID: CVE-2018-16885
Base Score: 4.7
Base Severity: MEDIUM
Vector String:CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

nvd
CVE ID: CVE-2018-16885
Base Score: 4.9
Base Severity: MEDIUM
Vector String:AV:L/AC:L/Au:N/C:N/I:N/A:C

Refrence: NVD MITRE

Description​

Description