CVE-2018-5873

Published: 7/6/2018 Last updated: 9/17/2024 Reserved: 1/19/2018

An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05.

CNA assigner: qualcomm (2cfc7d3e-20d3-47ac-8db7-1b7285aff15f) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
Android for MSM, Firefox OS for MSM, QRD Android	Qualcomm, Inc.	n/a

References (10)

https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=34742aaf7cb16c95edba4a7afed6d2c4fa7e434b
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073c516ff73557a8f7315066856c04b50383ac34
https://source.android.com/security/bulletin/2018-07-01
https://github.com/torvalds/linux/commit/073c516ff73557a8f7315066856c04b50383ac34
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=34742aaf7cb16c95edba4a7afed6d2c4fa7e434b
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073c516ff73557a8f7315066856c04b50383ac34
https://source.android.com/security/bulletin/2018-07-01
https://github.com/torvalds/linux/commit/073c516ff73557a8f7315066856c04b50383ac34