CVE-2018-12232 in Kernelinfo

Summary

In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/12/2018

Disclosure

06/12/2018

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-362

CVSS

4.8

EPSS

0.03298

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-12232
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-12232
CVE Details	https://www.cvedetails.com/cve/CVE-2018-12232/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!