CWE-863

CVE-2018-18397

First published: Mon Oct 22 2018

A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbfs to modify a file and possibly disrupt normal system behaviour. The current understanding is that there is no crash or privilege escalation, but modifications to files on these filesystems in production systems may have adverse effects.

A suggested upstream patch: https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u

An upstream patchset:

9e368259ad988356c4c95150fafd1a06af095d98 userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
5b51072e97d587186c2f5390c8c9c1fb7e179505 userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
29ec90660d68bbdd69507c1c8b4e33aa299278b1 userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
e2a50c1f64145a04959df2442305d57307e5395a userfaultfd: shmem: add i_size checks
dcf7fe9d89763a28e0f43975b422ff141fe79e43 userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

Credit: cve@mitre.org

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <4.19.7 | |
| Redhat Openshift Container Platform | =3.11 | |
| Redhat Virtualization Host | =4.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.4 | |
| Redhat Enterprise Linux Server Aus | =7.6 | |
| Redhat Enterprise Linux Server Eus | =7.4 | |
| Redhat Enterprise Linux Server Eus | =7.5 | |
| Redhat Enterprise Linux Server Eus | =7.6 | |
| Redhat Enterprise Linux Server Tus | =7.4 | |
| Redhat Enterprise Linux Server Tus | =7.6 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =18.10 | |
| ubuntu/linux | <4.15.0-46.49 | 4.15.0-46.49 |
| ubuntu/linux | <4.18.0-16.17 | 4.18.0-16.17 |
| ubuntu/linux | <4.20~ | 4.20~ |
| ubuntu/linux-aws | <4.15.0-1033.35 | 4.15.0-1033.35 |
| ubuntu/linux-aws | <4.18.0-1011.13 | 4.18.0-1011.13 |
| ubuntu/linux-aws | <4.20~ | 4.20~ |
| ubuntu/linux-aws-hwe | <4.20~ | 4.20~ |
| ubuntu/linux-aws-hwe | <4.15.0-1033.35~16.04.1 | 4.15.0-1033.35~16.04.1 |
| ubuntu/linux-azure | <4.18.0-1013.13~18.04.1 | 4.18.0-1013.13~18.04.1 |
| ubuntu/linux-azure | <4.18.0-1013.13 | 4.18.0-1013.13 |
| ubuntu/linux-azure | <4.15.0-1040.44~14.04.1 | 4.15.0-1040.44~14.04.1 |
| ubuntu/linux-azure | <4.20~ | 4.20~ |
| ubuntu/linux-azure | <4.15.0-1040.44 | 4.15.0-1040.44 |
| ubuntu/linux-azure-edge | <4.18.0-1013.13~18.04.1 | 4.18.0-1013.13~18.04.1 |
| ubuntu/linux-azure-edge | <4.20~ | 4.20~ |
| ubuntu/linux-azure-edge | <4.15.0-1040.44 | 4.15.0-1040.44 |
| ubuntu/linux-euclid | <4.20~ | 4.20~ |
| ubuntu/linux-flo | <4.20~ | 4.20~ |
| ubuntu/linux-gcp | <4.15.0-1028.29 | 4.15.0-1028.29 |
| ubuntu/linux-gcp | <4.18.0-1007.8 | 4.18.0-1007.8 |
| ubuntu/linux-gcp | <4.20~ | 4.20~ |
| ubuntu/linux-gcp | <4.15.0-1028.29~16.04.1 | 4.15.0-1028.29~16.04.1 |
| ubuntu/linux-gcp-edge | <4.18.0-1007.8~18.04.1 | 4.18.0-1007.8~18.04.1 |
| ubuntu/linux-gcp-edge | <4.20~ | 4.20~ |
| ubuntu/linux-gke | <4.20~ | 4.20~ |
| ubuntu/linux-goldfish | <4.20~ | 4.20~ |
| ubuntu/linux-grouper | <4.20~ | 4.20~ |
| ubuntu/linux-hwe | <4.18.0-16.17~18.04.1 | 4.18.0-16.17~18.04.1 |
| ubuntu/linux-hwe | <4.20~ | 4.20~ |
| ubuntu/linux-hwe | <4.15.0-46.49~16.04.1 | 4.15.0-46.49~16.04.1 |
| ubuntu/linux-hwe-edge | <4.20~ | 4.20~ |
| ubuntu/linux-hwe-edge | <4.15.0-46.49~16.04.1 | 4.15.0-46.49~16.04.1 |
| ubuntu/linux-kvm | <4.15.0-1030.30 | 4.15.0-1030.30 |
| ubuntu/linux-kvm | <4.18.0-1008.8 | 4.18.0-1008.8 |
| ubuntu/linux-kvm | <4.20~ | 4.20~ |
| ubuntu/linux-lts-trusty | <4.20~ | 4.20~ |
| ubuntu/linux-lts-utopic | <4.20~ | 4.20~ |
| ubuntu/linux-lts-vivid | <4.20~ | 4.20~ |
| ubuntu/linux-lts-wily | <4.20~ | 4.20~ |
| ubuntu/linux-lts-xenial | <4.20~ | 4.20~ |
| ubuntu/linux-maguro | <4.20~ | 4.20~ |
| ubuntu/linux-mako | <4.20~ | 4.20~ |
| ubuntu/linux-manta | <4.20~ | 4.20~ |
| ubuntu/linux-oem | <4.15.0-1034.39 | 4.15.0-1034.39 |
| ubuntu/linux-oem | <4.20~ | 4.20~ |
| ubuntu/linux-oracle | <4.15.0-1009.11 | 4.15.0-1009.11 |
| ubuntu/linux-oracle | <4.20~ | 4.20~ |
| ubuntu/linux-oracle | <4.15.0-1009.11~16.04.1 | 4.15.0-1009.11~16.04.1 |
| ubuntu/linux-raspi2 | <4.15.0-1032.34 | 4.15.0-1032.34 |
| ubuntu/linux-raspi2 | <4.18.0-1010.12 | 4.18.0-1010.12 |
| ubuntu/linux-raspi2 | <4.20~ | 4.20~ |
| ubuntu/linux-snapdragon | <4.20~ | 4.20~ |
| debian/linux | | 4.19.249-2, 4.19.304-1, 5.10.209-2, 5.10.205-2, 6.1.76-1, 6.1.85-1, 6.6.15-2, 6.7.12-1 |
