What is CVE-2018-1000204?

CVE-2018-1000204 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.3 out of 10. CVE-2018-1000204 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2018-1000204?

CVE-2018-1000204 has a CVSS score of 5.3 out of 10, rated Medium severity. The vector string is CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N.

Is there a patch available for CVE-2018-1000204?

No patch is currently available for CVE-2018-1000204. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2018-1000204 actively exploited?

CVE-2018-1000204 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2018-1000204

Medium

Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit.

Package Linux Kernel

Published 2018-06-26

Last modified 2024-11-21

CVSS version 3.0

Patch available

Awaiting data

CVSS 3.0 score

5.3

out of 10

Medium

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Vector string

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References

The following references provide additional information about CVE-2018-1000204 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Lists
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
Openwall
http://www.openwall.com/lists/oss-security/2018/06/26/3

Mailing List Third Party Advisory
Red Hat
https://access.redhat.com/errata/RHSA-2018:2948

Third Party Advisory
Debian Security
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html

Third Party Advisory
Debian Security
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html

Third Party Advisory
Debian Security
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html

Third Party Advisory
Ubuntu Security
https://usn.ubuntu.com/3696-1/

Third Party Advisory
Ubuntu Security
https://usn.ubuntu.com/3696-2/

Third Party Advisory
Ubuntu Security
https://usn.ubuntu.com/3752-1/

Third Party Advisory
Ubuntu Security
https://usn.ubuntu.com/3752-2/

Third Party Advisory
Ubuntu Security
https://usn.ubuntu.com/3752-3/

Third Party Advisory
Ubuntu Security
https://usn.ubuntu.com/3754-1/

Third Party Advisory
Kernel patch commit
https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824
Patch

Details

CVE ID CVE-2018-1000204

Severity Medium

CVSS score 5.3 / 10

CVSS version 3.0

Published 2018-06-26

Modified 2024-11-21

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2018-1000204?

CVE-2018-1000204 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.3 out of 10 . CVE-2018-1000204 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2018-1000204?

CVE-2018-1000204 has a CVSS score of 5.3 out of 10, rated Medium severity (CVSS 3.0). The vector string is CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N.
Is there a patch available for CVE-2018-1000204?

No patch is currently available for CVE-2018-1000204. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2018-1000204 actively exploited?

No — CVE-2018-1000204 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.