How severe is CVE-2018-18559?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-18559?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2018-18559 - HIGH Severity | CVSS 8.1

Vulnerability Description

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.

Related Vulnerabilities

CVE-2005-2352

HIGH

CVSS:8.1(High)

I race condition in Temp files was found in gs-gpl before 8.56 addons scripts.

CWE-3622005

CVE-2006-4245

HIGH

CVSS:8.1(High)

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

CWE-3622006

CVE-2009-4011

HIGH

CVSS:8.1(High)

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS cons...

CWE-3622009

CVE-2014-3701

HIGH

CVSS:8.1(High)

eDeploy has tmp file race condition flaws

CWE-3622014

CVE-2014-9748

HIGH

CVSS:8.1(High)

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to caus...

CWE-3622014

CVE-2015-1340

HIGH

CVSS:8.1(High)

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause an...

CWE-3622015