First published: Wed Oct 17 2018(Updated: )
A security flaw was found in the Linux kernel in the adjust_scalar_min_max_vals() function in kernel/bpf/verifier.c. A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because this function mishandles 32-bit right shifts. A local unprivileged user cannot leverage this flaw, but as a privileged user ("root") this can lead to a system panic and a denial of service or other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. References: <a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=1686">https://bugs.chromium.org/p/project-zero/issues/detail?id=1686</a> <a href="https://seclists.org/oss-sec/2018/q4/69">https://seclists.org/oss-sec/2018/q4/69</a> An upstream patch: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=4.14.9<4.14.75 | |
Linux Linux kernel | >=4.15<4.18.13 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server | =7.6 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Eus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Workstation | =7.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.