{"id":"CVE-2018-18559","details":"In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.","modified":"2026-03-12T22:48:20.827098Z","published":"2018-10-22T16:29:00.360Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0163"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1190"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3967"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:4159"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2020:0174"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2019:0327"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0188"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1170"},{"type":"FIX","url":"https://blogs.securiteam.com/index.php/archives/3731"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.2.95"},{"fixed":"3.2.100"}]},{"events":[{"introduced":"3.14.58"},{"fixed":"3.15"}]},{"events":[{"introduced":"3.18.25"},{"fixed":"3.18.88"}]},{"events":[{"introduced":"4.1.14"},{"fixed":"4.1.49"}]},{"events":[{"introduced":"4.2.7"},{"fixed":"4.3"}]},{"events":[{"introduced":"4.3.1"},{"fixed":"4.4.106"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.9.70"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-18559.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}