CVE-2018-13406
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 2.6.24 | 3.16.58 |
| linux / linux_kernel | 3.17 | 3.18.114 |
| linux / linux_kernel | 3.19 | 4.4.139 |
| linux / linux_kernel | 4.5 | 4.9.111 |
| linux / linux_kernel | 4.10 | 4.14.53 |
| linux / linux_kernel | 4.15 | 4.17.4 |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| debian / debian_linux | 8.0 | 8.0.x |
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713
- http://www.securityfocus.com/bid/104685
- http://www.securitytracker.com/id/1041355
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4
- https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3753-1/
- https://usn.ubuntu.com/3753-2/
- https://usn.ubuntu.com/3754-1/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime