CVE-2018-20784
Advisory lineage Upstream: 0 Downstream: 12
Modified
Published: 22 Feb 2019, 15:00
Last modified:05 Aug 2024, 12:12
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
v3.1 (nvd)
EPSS Score
0.49% LOW
0% probability -0.23%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
22 Feb 2019, 15:00
Published
Vulnerability first disclosed
05 Aug 2024, 12:12
Last Modified
Vulnerability information updated
Description
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.49%• Percentile: 66%
Techniques & Countermeasures
- CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Systems
- canonical•ubuntu_linux
14.04 | 16.04 | 18.04
- linux•linux_kernel
≥ 4.13, < 4.14.93 | ≥ 4.19, < 4.19.15 | ≥ 4.20, < 4.20.2 | 5.0:rc1
- redhat•enterprise_linux
8.0
- redhat•enterprise_linux_for_real_time
8
References (9)
- https://github.com/torvalds/linux/commit/c40f7d74c741a907cfaeb73a7697081881c497d0
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c40f7d74c741a907cfaeb73a7697081881c497d0
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2
- https://access.redhat.com/errata/RHSA-2019:1959
- https://access.redhat.com/errata/RHSA-2019:1971
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4211-2/
- https://usn.ubuntu.com/4211-1/