Integer Overflow in uvesafb_setcmap Function in Linux Kernel

Integer Overflow in uvesafb_setcmap Function in Linux Kernel

CVE-2018-13406 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.