Heap-based Out-of-Bounds Write Vulnerability in Linux Kernel through 3.2

Heap-based Out-of-Bounds Write Vulnerability in Linux Kernel through 3.2

CVE-2018-5332 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.