CVE-2018-20784

9.8 CRITICAL

📋 TL;DR

A Linux kernel scheduler vulnerability allows attackers to trigger an infinite loop in the update_blocked_averages function by inducing high system load. This can cause denial of service (system hang) or potentially other unspecified impacts. Affects Linux systems running kernel versions before 4.20.2.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions before 4.20.2
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ability to create high system load. Affects all configurations using the default scheduler.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system hang requiring hard reboot, potential for privilege escalation or data corruption in unspecified scenarios.

🟠

Likely Case

Denial of service causing system unresponsiveness, requiring reboot to recover.

🟢

If Mitigated

Limited impact if system load is controlled and monitoring detects abnormal behavior early.

🌐 Internet-Facing: MEDIUM - Requires ability to induce high load, which could be achieved through network requests.
🏢 Internal Only: HIGH - Internal users or processes could intentionally or accidentally trigger the condition.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to induce sustained high load on the system, which could be achieved through various means including malicious processes or resource exhaustion attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 4.20.2 and later

Vendor Advisory: https://access.redhat.com/errata/RHSA-2019:1959

Restart Required: Yes

Instructions:

  1. Update the kernel to version 4.20.2 or later.
  2. For Red Hat systems: yum update kernel
  3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Load limiting

Implement system load monitoring and limiting to prevent conditions that could trigger the vulnerability.

# Use cgroups to limit process resources
# Implement ulimit restrictions
# Monitor system load with tools like atop or sar

🧯 If You Can't Patch

  • Implement strict resource limits using cgroups to prevent high load conditions
  • Monitor system load and implement automated alerts for abnormal load patterns

🔍 How to Verify

Check if Vulnerable:

Check the kernel version with uname -r. If the version is earlier than 4.20.2, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

After patching, verify kernel version is 4.20.2 or later with: uname -r
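The verification steps above compare the output of uname -r against 4.20.2. The following POSIX sh script is an added example (not part of this advisory page) that performs that comparison correctly for real-world version strings such as "4.19.0-6-amd64", which carry a distribution suffix that a plain string comparison would mishandle. It assumes upstream kernel version numbering; distribution kernels (such as the Red Hat kernels covered by RHSA-2019:1959) backport fixes without changing the major version, so for those the vendor advisory and package changelog, not the version number, are authoritative. The sample versions in the loop are constructed for demonstration.

```shell
#!/bin/sh
# Added example: compare a running kernel version string against the fixed
# release (4.20.2) for CVE-2018-20784. Assumes upstream numbering; distribution
# kernels with backported fixes must be checked against the vendor advisory.

FIXED_VERSION="4.20.2"

# Reduce "4.19.0-6-amd64" to "4 19 0" (major minor patch). A two-part version
# such as "4.20" is treated as patch level 0.
kernel_triplet() {
    ver=${1%%-*}        # drop the distro suffix after the first '-'
    ver=${ver%%+*}      # drop a trailing '+' marker from locally built kernels
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # no third component present
    printf '%s %s %s\n' "$major" "$minor" "$patch"
}

# Returns 0 (true) when version $1 is strictly lower than version $2.
# Compares component by component as integers, not as strings.
version_lt() {
    set -- $(kernel_triplet "$1") $(kernel_triplet "$2")
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Prints a verdict for one version string; returns 1 when vulnerable, 0 when fixed.
check_kernel() {
    if version_lt "$1" "$FIXED_VERSION"; then
        printf 'kernel %s: VULNERABLE (older than %s)\n' "$1" "$FIXED_VERSION"
        return 1
    fi
    printf 'kernel %s: fixed (%s or later)\n' "$1" "$FIXED_VERSION"
    return 0
}

# Constructed sample versions for demonstration; on a live system run:
#   check_kernel "$(uname -r)"
for v in 4.19.0-6-amd64 4.20.1 4.20.2 5.4.0-91-generic; do
    check_kernel "$v" || :
done
```

The component-wise integer comparison matters because a string or lexical comparison would rank "4.9.0" above "4.20.2"; the script also strips the distribution suffix so that "4.20.2-arch1-1" is recognised as the fixed release.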

📡 Detection & Monitoring

Log Indicators:

  • Kernel hangs or watchdog timeouts
  • High CPU usage without corresponding process activity
  • System becoming unresponsive

Network Indicators:

  • Sudden drop in service availability
  • Increased timeout errors from affected system

SIEM Query:

(source="kernel" AND ("watchdog" OR "hung" OR "stall")) OR (source="system" AND load>threshold)
