Race Condition Vulnerability in Jungo Windriver by Wind River
CVE-2018-5189

7.8HIGH

Key Information:

Vendor: Jungo
Status: Windriver
Vendor: CVE Published:; 11 January 2018

What is CVE-2018-5189?

A race condition in Jungo Windriver version 12.5.1 allows local users to exploit a flaw related to buffer size adjustments. This vulnerability can lead to a denial of service due to buffer overflow or potentially escalate privileges within the system. The issue stems from insufficient synchronization when accessing shared resources, leading to what is known as a 'double fetch' scenario. Attackers can manipulate the timing of operations to gain unauthorized access or disrupt service.

References

https://www.fidusinfosec.com/jungo-windriver-code-executi...

x_refsource_MISC

https://www.exploit-db.com/exploits/43494/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2018
Vulnerability Reserved
Jan 3, 2018