High severity7.8NVD Advisory· Published Oct 17, 2018· Updated Jun 17, 2026
CVE-2018-18445
CVE-2018-18445
Description
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
37- osv-coords36 versionspkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/kernel-livepatch-SLE15_Update_7&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4
< 4.12.14-5.16.1+ 35 more
- (no CPE)range: < 4.12.14-5.16.1
- (no CPE)range: < 4.12.14-6.3.1
- (no CPE)range: < 4.12.14-6.3.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 1-1.3.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-95.3.2
- (no CPE)range: < 4.12.14-5.16.1
- (no CPE)range: < 4.12.14-6.3.1
- (no CPE)range: < 4.12.14-6.3.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-5.16.1
- (no CPE)range: < 4.12.14-6.3.1
- (no CPE)range: < 4.12.14-6.3.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-95.3.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 4.12.14-25.25.1
- (no CPE)range: < 1-7.1
Patches
Vulnerability mechanics
References
13- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdPatchThird Party Advisory
- bugs.chromium.org/p/project-zero/issues/detailnvdIssue TrackingPatchThird Party Advisory
- cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75nvdPatchRelease NotesThird Party Advisory
- cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13nvdPatchRelease NotesThird Party Advisory
- github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681nvdPatchThird Party Advisory
- access.redhat.com/errata/RHSA-2019:0512nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:0514nvdThird Party Advisory
- support.f5.com/csp/article/K38456756nvdThird Party Advisory
- usn.ubuntu.com/3832-1/nvdThird Party Advisory
- usn.ubuntu.com/3835-1/nvdThird Party Advisory
- usn.ubuntu.com/3847-1/nvdThird Party Advisory
- usn.ubuntu.com/3847-2/nvdThird Party Advisory
- usn.ubuntu.com/3847-3/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.