CVE-2018-18397
First published: Mon Oct 22 2018(Updated: )
A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behaviour. At this time there is an understanding there is no crash or priviledge escalation but the impact of modifications on these filesystems of files in production systems may have adverse affects. A suggested upstream patch: <a href="https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u">https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u</a> An upstream patchset: 9e368259ad988356c4c95150fafd1a06af095d98 userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails 5b51072e97d587186c2f5390c8c9c1fb7e179505 userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem 29ec90660d68bbdd69507c1c8b4e33aa299278b1 userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas e2a50c1f64145a04959df2442305d57307e5395a userfaultfd: shmem: add i_size checks dcf7fe9d89763a28e0f43975b422ff141fe79e43 userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <4.19.7 | |
| Redhat Openshift Container Platform | =3.11 | |
| Redhat Virtualization Host | =4.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.4 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.4 | |
| Redhat Enterprise Linux Server Eus | =7.5 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Server Tus | =7.4 | |
| Redhat Enterprise Linux Server Tus | =7.6 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =18.10 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.5-1 6.11.7-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1
- https://access.redhat.com/errata/RHBA-2019:0327
- https://access.redhat.com/errata/RHSA-2019:0163
- https://access.redhat.com/errata/RHSA-2019:0202
- https://access.redhat.com/errata/RHSA-2019:0324
- https://access.redhat.com/errata/RHSA-2019:0831
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1700
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7
- https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1
- https://usn.ubuntu.com/3901-1/
- https://usn.ubuntu.com/3901-2/
- https://usn.ubuntu.com/3903-1/
- https://usn.ubuntu.com/3903-2/
- https://launchpad.net/bugs/cve/CVE-2018-18397
- https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1640515
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1658740
- https://bugzilla.redhat.com/show_bug.cgi?id=1641548
- https://security-tracker.debian.org/tracker/CVE-2018-18397
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18397
- https://nvd.nist.gov/vuln/detail/CVE-2018-18397
- https://ubuntu.com/security/CVE-2018-18397
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-18397
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/linux
- canonical/linux linux kernel
- vendor/redhat
- canonical/redhat openshift container platform
- version/redhat openshift container platform/3.11
- canonical/redhat virtualization host
- version/redhat virtualization host/4.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.5
- version/redhat enterprise linux server eus/7.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.4
- version/redhat enterprise linux server tus/7.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/18.10
- package-manager/debian