Vulnerability Details : CVE-2018-17182
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Vulnerability category: Memory Corruption
Products affected by CVE-2018-17182
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-17182
- 0.11%: Probability of exploitation activity in the next 30 days
- ~43%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-17182
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2018-17182
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-17182
- https://access.redhat.com/errata/RHSA-2018:3656
  RHSA-2018:3656 - Security Advisory - Red Hat Customer Portal
  Tags: Third Party Advisory
- https://www.exploit-db.com/exploits/45497/
  Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation
  Tags: Exploit; Third Party Advisory; VDB Entry
- https://www.debian.org/security/2018/dsa-4308
  Debian -- Security Information -- DSA-4308-1 linux
  Tags: Third Party Advisory
- http://www.securityfocus.com/bid/106503
  Linux Kernel Components Multiple Security Vulnerabilities
  Tags: Third Party Advisory; VDB Entry
- https://usn.ubuntu.com/3777-3/
  USN-3777-3: Linux kernel (Azure) vulnerabilities | Ubuntu security notices
  Tags: Third Party Advisory
- https://usn.ubuntu.com/3777-2/
  USN-3777-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices
  Tags: Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
  [SECURITY] [DLA 1531-1] linux-4.9 security update
  Tags: Third Party Advisory
- https://usn.ubuntu.com/3776-1/
  USN-3776-1: Linux kernel vulnerabilities | Ubuntu security notices
  Tags: Third Party Advisory
- https://security.netapp.com/advisory/ntap-20190204-0001/
  September 2018 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
  Tags: Patch; Third Party Advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
  kernel/git/torvalds/linux.git - Linux kernel source tree
  Tags: Patch; Third Party Advisory
- https://usn.ubuntu.com/3777-1/
  USN-3777-1: Linux kernel vulnerabilities | Ubuntu security notices
  Tags: Third Party Advisory
- https://usn.ubuntu.com/3776-2/
  USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
  Tags: Third Party Advisory
- http://www.securitytracker.com/id/1041748
  Linux Kernel Cache Invalidation Bug Lets Local Users Gain Elevated Privileges - SecurityTracker
  Tags: Patch; Third Party Advisory; VDB Entry
- https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
  mm: get rid of vmacache_flush_all() entirely · torvalds/linux@7a9cdeb · GitHub
  Tags: Patch; Vendor Advisory
- http://www.securityfocus.com/bid/105417
  Linux Kernel 'mm/vmacache.c' Local Privilege Escalation Vulnerability
  Tags: Third Party Advisory; VDB Entry
- https://www.openwall.com/lists/oss-security/2018/09/18/4
  oss-security - Linux kernel: potential local priviledge escalation bug in vmacache code
  Tags: Mailing List; Third Party Advisory