Red Hat has assigned a CVE ID to this issue: CVE-2018-3135. Upgrade as soon as possible. Severity: High
Red Hat has assigned a CVE ID to this issue: CVE-2018-3135. Upgrade as soon as possible.
Background:
A flaw in the fetch_url function of Red Hat Enterprise Linux 7.5 and earlier allows authenticated attackers to cause a denial of service (system crash) via a request for a specially crafted URL.
Description
This issue was discovered when using the Linux kernel package in Red Hat Enterprise Linux 5, 6, 7.
Certain system calls that are used for asynchronous I/O control operations may not return an error code. This issue can cause the process to continue running even if an application’s I/O control request fails. As a result, a malicious user can cause use-after-free errors and possibly execute arbitrary code with root privileges by leveraging this flaw.
Red Hat has assigned a CVE ID to this issue: CVE-2018-3135. Upgrade as soon as possible.
Background
A vulnerability was discovered in Red Hat Enterprise Linux 6.7 and 7.2 that could allow an attacker to cause a denial of service (DoS) or potentially escalate privileges on the system.
The issue can be triggered by an attacker who has access to the system via:
- Remote network attack (e.g., via a malicious e-mail attachment, etc.)
- Cross site scripting (XSS) attack
- Local privilege escalation exploit
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC