CVE-2018-12896
- Source
- https://cve.org/CVERecord?id=CVE-2018-12896
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12896.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-12896
- Downstream
- Related
- Published
- 2018-07-02T17:29:00.660Z
- Modified
- 2026-02-11T07:26:15.197397Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INTMAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timergetoverrun(2) and siginfo::sioverrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timercreate, and timer_settime system calls.
- References
-
- https://bugzilla.kernel.org/show_bug.cgi?id=200189
- https://github.com/lcytxw/bug_repro/tree/master/bug_200189
- https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://usn.ubuntu.com/3847-1/
- https://usn.ubuntu.com/3847-2/
- https://usn.ubuntu.com/3847-3/
- https://usn.ubuntu.com/3848-1/
- https://usn.ubuntu.com/3848-2/
- https://usn.ubuntu.com/3849-1/
- https://usn.ubuntu.com/3849-2/
- https://bugzilla.kernel.org/show_bug.cgi?id=200189
- https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://github.com/lcytxw/bug_repro/tree/master/bug_200189
Affected packages
Git / github.com/torvalds/linux
Affected ranges
- Type
- GIT
- Repo
- https://github.com/torvalds/linux
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v2.*
v2.6.12
v2.6.12-rc2
v2.6.12-rc3
v2.6.12-rc4
v2.6.12-rc5
v2.6.12-rc6
v2.6.13
v2.6.13-rc1
v2.6.13-rc2
v2.6.13-rc3
v2.6.13-rc4
v2.6.13-rc5
v2.6.13-rc6
v2.6.13-rc7
v2.6.14
v2.6.14-rc1
v2.6.14-rc2
v2.6.14-rc3
v2.6.14-rc4
v2.6.14-rc5
v2.6.15
v2.6.15-rc1
v2.6.15-rc2
v2.6.15-rc3
v2.6.15-rc4
v2.6.15-rc5
v2.6.15-rc6
v2.6.15-rc7
v2.6.16
v2.6.16-rc1
v2.6.16-rc2
v2.6.16-rc3
v2.6.16-rc4
v2.6.16-rc5
v2.6.16-rc6
v2.6.17
v2.6.17-rc1
v2.6.17-rc2
v2.6.17-rc3
v2.6.17-rc4
v2.6.17-rc5
v2.6.17-rc6
v2.6.18
v2.6.18-rc1
v2.6.18-rc2
v2.6.18-rc3
v2.6.18-rc4
v2.6.18-rc5
v2.6.18-rc6
v2.6.18-rc7
v2.6.19
v2.6.19-rc1
v2.6.19-rc2
v2.6.19-rc3
v2.6.19-rc4
v2.6.19-rc5
v2.6.19-rc6
v2.6.20
v2.6.20-rc1
v2.6.20-rc2
v2.6.20-rc3
v2.6.20-rc4
v2.6.20-rc5
v2.6.20-rc6
v2.6.20-rc7
v2.6.21
v2.6.21-rc1
v2.6.21-rc2
v2.6.21-rc3
v2.6.21-rc4
v2.6.21-rc5
v2.6.21-rc6
v2.6.21-rc7
v2.6.22
v2.6.22-rc1
v2.6.22-rc2
v2.6.22-rc3
v2.6.22-rc4
v2.6.22-rc5
v2.6.22-rc6
v2.6.22-rc7
v2.6.23
v2.6.23-rc1
v2.6.23-rc2
v2.6.23-rc3
v2.6.23-rc4
v2.6.23-rc5
v2.6.23-rc6
v2.6.23-rc7
v2.6.23-rc8
v2.6.23-rc9
v2.6.24
v2.6.24-rc1
v2.6.24-rc2
v2.6.24-rc3
v2.6.24-rc4
v2.6.24-rc5
v2.6.24-rc6
v2.6.24-rc7
v2.6.24-rc8
v2.6.25
v2.6.25-rc1
v2.6.25-rc2
v2.6.25-rc3
v2.6.25-rc4
v2.6.25-rc5
v2.6.25-rc6
v2.6.25-rc7
v2.6.25-rc8
v2.6.25-rc9
v2.6.26
v2.6.26-rc1
v2.6.26-rc2
v2.6.26-rc3
v2.6.26-rc4
v2.6.26-rc5
v2.6.26-rc6
v2.6.26-rc7
v2.6.26-rc8
v2.6.26-rc9
v2.6.27
v2.6.27-rc1
v2.6.27-rc2
v2.6.27-rc3
v2.6.27-rc4
v2.6.27-rc5
v2.6.27-rc6
v2.6.27-rc7
v2.6.27-rc8
v2.6.27-rc9
v2.6.28
v2.6.28-rc1
v2.6.28-rc2
v2.6.28-rc3
v2.6.28-rc4
v2.6.28-rc5
v2.6.28-rc6
v2.6.28-rc7
v2.6.28-rc8
v2.6.28-rc9
v2.6.29
v2.6.29-rc1
v2.6.29-rc2
v2.6.29-rc3
v2.6.29-rc4
v2.6.29-rc5
v2.6.29-rc6
v2.6.29-rc7
v2.6.29-rc8
v2.6.30
v2.6.30-rc1
v2.6.30-rc2
v2.6.30-rc3
v2.6.30-rc4
v2.6.30-rc5
v2.6.30-rc6
v2.6.30-rc7
v2.6.30-rc8
v2.6.31
v2.6.31-rc1
v2.6.31-rc2
v2.6.31-rc3
v2.6.31-rc4
v2.6.31-rc5
v2.6.31-rc6
v2.6.31-rc7
v2.6.31-rc8
v2.6.31-rc9
v2.6.32
v2.6.32-rc1
v2.6.32-rc2
v2.6.32-rc3
v2.6.32-rc4
v2.6.32-rc5
v2.6.32-rc6
v2.6.32-rc7
v2.6.32-rc8
v2.6.33
v2.6.33-rc1
v2.6.33-rc2
v2.6.33-rc3
v2.6.33-rc4
v2.6.33-rc5
v2.6.33-rc6
v2.6.33-rc7
v2.6.33-rc8
v2.6.34
v2.6.34-rc1
v2.6.34-rc2
v2.6.34-rc3
v2.6.34-rc4
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v2.6.35
v2.6.35-rc1
v2.6.35-rc2
v2.6.35-rc3
v2.6.35-rc4
v2.6.35-rc5
v2.6.35-rc6
v2.6.36
v2.6.36-rc1
v2.6.36-rc2
v2.6.36-rc3
v2.6.36-rc4
v2.6.36-rc5
v2.6.36-rc6
v2.6.36-rc7
v2.6.36-rc8
v2.6.37
v2.6.37-rc1
v2.6.37-rc2
v2.6.37-rc3
v2.6.37-rc4
v2.6.37-rc5
v2.6.37-rc6
v2.6.37-rc7
v2.6.37-rc8
v2.6.38
v2.6.38-rc1
v2.6.38-rc2
v2.6.38-rc3
v2.6.38-rc4
v2.6.38-rc5
v2.6.38-rc6
v2.6.38-rc7
v2.6.38-rc8
v2.6.39
v2.6.39-rc1
v2.6.39-rc2
v2.6.39-rc3
v2.6.39-rc4
v2.6.39-rc5
v2.6.39-rc6
v2.6.39-rc7
v3.*
v3.0
v3.0-rc1
v3.0-rc2
v3.0-rc3
v3.0-rc4
v3.0-rc5
v3.0-rc6
v3.0-rc7
v3.1
v3.1-rc1
v3.1-rc10
v3.1-rc2
v3.1-rc3
v3.1-rc4
v3.1-rc5
v3.1-rc6
v3.1-rc7
v3.1-rc8
v3.1-rc9
v3.10
v3.10-rc1
v3.10-rc2
v3.10-rc3
v3.10-rc4
v3.10-rc5
v3.10-rc6
v3.10-rc7
v3.11
v3.11-rc1
v3.11-rc2
v3.11-rc3
v3.11-rc4
v3.11-rc5
v3.11-rc6
v3.11-rc7
v3.12
v3.12-rc1
v3.12-rc2
v3.12-rc3
v3.12-rc4
v3.12-rc5
v3.12-rc6
v3.12-rc7
v3.13
v3.13-rc1
v3.13-rc2
v3.13-rc3
v3.13-rc4
v3.13-rc5
v3.13-rc6
v3.13-rc7
v3.13-rc8
v3.14
v3.14-rc1
v3.14-rc2
v3.14-rc3
v3.14-rc4
v3.14-rc5
v3.14-rc6
v3.14-rc7
v3.14-rc8
v3.15
v3.15-rc1
v3.15-rc2
v3.15-rc3
v3.15-rc4
v3.15-rc5
v3.15-rc6
v3.15-rc7
v3.15-rc8
v3.16
v3.16-rc1
v3.16-rc2
v3.16-rc3
v3.16-rc4
v3.16-rc5
v3.16-rc6
v3.16-rc7
v3.17
v3.17-rc1
v3.17-rc2
v3.17-rc3
v3.17-rc4
v3.17-rc5
v3.17-rc6
v3.17-rc7
v3.18
v3.18-rc1
v3.18-rc2
v3.18-rc3
v3.18-rc4
v3.18-rc5
v3.18-rc6
v3.18-rc7
v3.19
v3.19-rc1
v3.19-rc2
v3.19-rc3
v3.19-rc4
v3.19-rc5
v3.19-rc6
v3.19-rc7
v3.2
v3.2-rc1
v3.2-rc2
v3.2-rc3
v3.2-rc4
v3.2-rc5
v3.2-rc6
v3.2-rc7
v3.3
v3.3-rc1
v3.3-rc2
v3.3-rc3
v3.3-rc4
v3.3-rc5
v3.3-rc6
v3.3-rc7
v3.4
v3.4-rc1
v3.4-rc2
v3.4-rc3
v3.4-rc4
v3.4-rc5
v3.4-rc6
v3.4-rc7
v3.5
v3.5-rc1
v3.5-rc2
v3.5-rc3
v3.5-rc4
v3.5-rc5
v3.5-rc6
v3.5-rc7
v3.6
v3.6-rc1
v3.6-rc2
v3.6-rc3
v3.6-rc4
v3.6-rc5
v3.6-rc6
v3.6-rc7
v3.7
v3.7-rc1
v3.7-rc2
v3.7-rc3
v3.7-rc4
v3.7-rc5
v3.7-rc6
v3.7-rc7
v3.7-rc8
v3.8
v3.8-rc1
v3.8-rc2
v3.8-rc3
v3.8-rc4
v3.8-rc5
v3.8-rc6
v3.8-rc7
v3.9
v3.9-rc1
v3.9-rc2
v3.9-rc3
v3.9-rc4
v3.9-rc5
v3.9-rc6
v3.9-rc7
v3.9-rc8
v4.*
v4.0
v4.0-rc1
v4.0-rc2
v4.0-rc3
v4.0-rc4
v4.0-rc5
v4.0-rc6
v4.0-rc7
v4.1
v4.1-rc1
v4.1-rc2
v4.1-rc3
v4.1-rc4
v4.1-rc5
v4.1-rc6
v4.1-rc7
v4.1-rc8
v4.10
v4.10-rc1
v4.10-rc2
v4.10-rc3
v4.10-rc4
v4.10-rc5
v4.10-rc6
v4.10-rc7
v4.10-rc8
v4.11
v4.11-rc1
v4.11-rc2
v4.11-rc3
v4.11-rc4
v4.11-rc5
v4.11-rc6
v4.11-rc7
v4.11-rc8
v4.12
v4.12-rc1
v4.12-rc2
v4.12-rc3
v4.12-rc4
v4.12-rc5
v4.12-rc6
v4.12-rc7
v4.13
v4.13-rc1
v4.13-rc2
v4.13-rc3
v4.13-rc4
v4.13-rc5
v4.13-rc6
v4.13-rc7
v4.14
v4.14-rc1
v4.14-rc2
v4.14-rc3
v4.14-rc4
v4.14-rc5
v4.14-rc6
v4.14-rc7
v4.14-rc8
v4.15
v4.15-rc1
v4.15-rc2
v4.15-rc3
v4.15-rc4
v4.15-rc5
v4.15-rc6
v4.15-rc7
v4.15-rc8
v4.15-rc9
v4.16
v4.16-rc1
v4.16-rc2
v4.16-rc3
v4.16-rc4
v4.16-rc5
v4.16-rc6
v4.16-rc7
v4.17
v4.17-rc1
v4.17-rc2
v4.17-rc3
v4.17-rc4
v4.17-rc5
v4.17-rc6
v4.17-rc7
v4.18-rc1
v4.2
v4.2-rc1
v4.2-rc2
v4.2-rc3
v4.2-rc4
v4.2-rc5
v4.2-rc6
v4.2-rc7
v4.2-rc8
v4.3
v4.3-rc1
v4.3-rc2
v4.3-rc3
v4.3-rc4
v4.3-rc5
v4.3-rc6
v4.3-rc7
v4.4
v4.4-rc1
v4.4-rc2
v4.4-rc3
v4.4-rc4
v4.4-rc5
v4.4-rc6
v4.4-rc7
v4.4-rc8
v4.5
v4.5-rc1
v4.5-rc2
v4.5-rc3
v4.5-rc4
v4.5-rc5
v4.5-rc6
v4.5-rc7
v4.6
v4.6-rc1
v4.6-rc2
v4.6-rc3
v4.6-rc4
v4.6-rc5
v4.6-rc6
v4.6-rc7
v4.7
v4.7-rc1
v4.7-rc2
v4.7-rc3
v4.7-rc4
v4.7-rc5
v4.7-rc6
v4.7-rc7
v4.8
v4.8-rc1
v4.8-rc2
v4.8-rc3
v4.8-rc4
v4.8-rc5
v4.8-rc6
v4.8-rc7
v4.8-rc8
v4.9
v4.9-rc1
v4.9-rc2
v4.9-rc3
v4.9-rc4
v4.9-rc5
v4.9-rc6
v4.9-rc7
v4.9-rc8
Database specific
vanir_signatures
[
{
"id": "CVE-2018-12896-28e3de18",
"signature_version": "v1",
"digest": {
"function_hash": "22023615035054443685787805871590382035",
"length": 258.0
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Function",
"target": {
"file": "kernel/time/posix-timers.c",
"function": "common_hrtimer_rearm"
}
},
{
"id": "CVE-2018-12896-5807d64c",
"signature_version": "v1",
"digest": {
"function_hash": "2990970529004368528672836703713200219",
"length": 220.0
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Function",
"target": {
"file": "kernel/time/posix-timers.c",
"function": "SYSCALL_DEFINE1"
}
},
{
"id": "CVE-2018-12896-72996d38",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"175930821163590023436933614028268113219",
"230271682951812931991217875473602171340",
"163676601131796811240853319991152359208",
"200371280431240011775913715819151853889",
"78850416052757969437142691144033413107",
"283441175096289924288174297560996770652",
"80399396701022801230570079745502308421",
"151738374748891949487419315738010131523",
"85473842485298717907673490613915102957",
"180520422938937444518669893830442926689",
"197436076333945902810461376226683535948",
"125829118674456786209544398230868814979",
"290306739706245075628571628514506205837",
"270447036330343062542738753769631899063",
"201623699832595228429649740615522752965",
"176197214352863990909658907162327470831",
"115572443209617328295575408862586084728",
"52020091178367900186900034194766085568",
"135892142091976790040053832799064853343",
"194172168199868961431342296499440288180",
"283501750818869507713670729635463823605",
"35508667710854836396230074738720129772",
"168228883523315982890572996866914398281",
"174847223604876171502315192199328523871",
"288261371254888345346376316444865097638",
"288516662158115895069887963517689046514",
"44619485569779683981807040101252742201",
"329788470509232646728294715517991069821",
"267811146716476021340765291342723878012",
"336376176148648431640554060248088048546",
"184149494695944815898520453826099474740",
"107186798974721528188993410529460402970",
"259430091548050370480008464869482709375"
]
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Line",
"target": {
"file": "kernel/time/posix-timers.c"
}
},
{
"id": "CVE-2018-12896-75773abc",
"signature_version": "v1",
"digest": {
"function_hash": "236085400592294588209546954528709938341",
"length": 439.0
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Function",
"target": {
"file": "kernel/time/posix-timers.c",
"function": "posixtimer_rearm"
}
},
{
"id": "CVE-2018-12896-7d9fbdde",
"signature_version": "v1",
"digest": {
"function_hash": "280956218012416674224360632768002112411",
"length": 1619.0
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Function",
"target": {
"file": "kernel/time/posix-timers.c",
"function": "do_timer_create"
}
},
{
"id": "CVE-2018-12896-85879a4d",
"signature_version": "v1",
"digest": {
"function_hash": "339949508028308134372832372927539693015",
"length": 709.0
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Function",
"target": {
"file": "kernel/time/posix-timers.c",
"function": "common_timer_get"
}
},
{
"id": "CVE-2018-12896-85fd06d7",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"292525619461716687355863334898740645420",
"232228245603791600699792271748953188878",
"334350742108248097167244249919962835212",
"10470993497216544244215183174136044603",
"88750299166975156350515632596685947927"
]
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Line",
"target": {
"file": "include/linux/posix-timers.h"
}
},
{
"id": "CVE-2018-12896-8d78eea3",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"161999707263154274706565526590521668110",
"6542059301274459544384634894977823087",
"118405530293422808162009904058868234923",
"182527382648643014701340088123053880354"
]
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Line",
"target": {
"file": "kernel/time/posix-cpu-timers.c"
}
},
{
"id": "CVE-2018-12896-f1201ead",
"signature_version": "v1",
"digest": {
"function_hash": "46254973314291476133517244706670863776",
"length": 482.0
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Function",
"target": {
"file": "kernel/time/posix-cpu-timers.c",
"function": "bump_cpu_timer"
}
},
{
"id": "CVE-2018-12896-fef6e724",
"signature_version": "v1",
"digest": {
"function_hash": "153791653160773798006821421596376140573",
"length": 758.0
},
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76",
"signature_type": "Function",
"target": {
"file": "kernel/time/posix-timers.c",
"function": "posix_timer_fn"
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12896.json"