CVE-2018-14775

Published: Aug 1, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.

Affected (2)

Products: Openbsd: Openbsd

Openbsd

1 product

Openbsd

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openbsd Openbsd	Version 6.2
Openbsd Openbsd	Version 6.3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/i386/gdt.c

Source: cve@mitre.org

Issue TrackingPatchVendor Advisory

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/i386/gdt.c.diff?r1=1.37&r2=1.37.8.1&f=h

Source: cve@mitre.org

PatchVendor Advisory

http://www.securitytracker.com/id/1041550

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/020_ioport.patch.sig

Source: cve@mitre.org

PatchVendor Advisory

https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/015_ioport.patch.sig

Source: cve@mitre.org

PatchVendor Advisory

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/i386/gdt.c