Public Date:
1575853: CVE-2018-1126 procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues
A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.

Find out more about CVE-2018-1126 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 4.8
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Server TUS (v. 6.6) (procps) RHSA-2018:2268 2018-07-26
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts RHSA-2018:1820 2018-06-11
Red Hat Enterprise Linux Advanced Update Support 6.6 (procps) RHSA-2018:2268 2018-07-26
Red Hat Enterprise Linux 7 (procps-ng) RHSA-2018:1700 2018-05-23
Red Hat Enterprise Linux Extended Update Support 6.7 (procps) RHSA-2018:2267 2018-07-26
Red Hat Enterprise Linux 6 (procps) RHSA-2018:1777 2018-05-31

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 procps-ng Not affected
Red Hat Enterprise Linux 5 procps Will not fix


Red Hat would like to thank Qualys Research Labs for reporting this issue.

External References

Last Modified