CVE-2018-14619
- Source
- https://cve.org/CVERecord?id=CVE-2018-14619
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14619.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-14619
- Downstream
- Published
- 2018-08-30T12:29:01.407Z
- Modified
- 2026-02-11T14:06:48.729959Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each afalgctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.
- References
-
- http://www.securityfocus.com/bid/105200
- https://access.redhat.com/errata/RHSA-2018:2948
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14619
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b32a7dc8aef1882fbf983eb354837488cc9d54dc
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0013
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14619
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b32a7dc8aef1882fbf983eb354837488cc9d54dc
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedb32a7dc8aef1882fbf983eb354837488cc9d54dcIntroducedbebc6082da0a9f5d47a1ea2edc099bf671058bd4Fixedb32a7dc8aef1882fbf983eb354837488cc9d54dc
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14619.json"
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@b32a7dc8aef1882fbf983eb354837488cc9d54dc",
"digest": {
"line_hashes": [
"195802956623405391254681064645263041835",
"206671502083768037751183671169724016923",
"32822697991940167964969545815719636441",
"291660406987230577937876498895722382046",
"324302374724899954510182553078408045623",
"41988720393210877139958068603570368662",
"54821081350295761704614917708177099520",
"262275630258279150935650475963544060911"
],
"threshold": 0.9
},
"id": "CVE-2018-14619-21bcf610",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "crypto/algif_aead.c"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@b32a7dc8aef1882fbf983eb354837488cc9d54dc",
"digest": {
"length": 111.0,
"function_hash": "335391121367234182122523621263168591612"
},
"id": "CVE-2018-14619-516b24bc",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "crypto/algif_aead.c",
"function": "aead_release"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@b32a7dc8aef1882fbf983eb354837488cc9d54dc",
"digest": {
"length": 432.0,
"function_hash": "57626888664334858961901841908531488870"
},
"id": "CVE-2018-14619-a49da32c",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"target": {
"file": "crypto/algif_aead.c",
"function": "aead_sock_destruct"
}
}
]