CVE-2018-20855

An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-07-26 05:15

Updated : 2023-12-10 12:59


NVD link : CVE-2018-20855

Mitre link : CVE-2018-20855

CVE.ORG link : CVE-2018-20855


JSON object : View

Products Affected

netapp

  • active_iq_unified_manager
  • element_software
  • data_availability_services
  • active_iq_performance_analytics_services

opensuse

  • leap

linux

  • linux_kernel
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer