Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-8781

Опубликовано: 21 мар. 2018
Источник: redhat
CVSS3: 7
EPSS Низкий

Описание

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.

A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelAffected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2018:309630.10.2018
Red Hat Enterprise Linux 7kernel-altFixedRHSA-2018:294830.10.2018
Red Hat Enterprise Linux 7kernelFixedRHSA-2018:308330.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1571062kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space

EPSS

Процентиль: 30%
0.00106
Низкий

7 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-8781

CVSS3: 7.8
ubuntu
около 7 лет назад

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.

nvd логотип

CVE-2018-8781

CVSS3: 7.8
nvd
около 7 лет назад

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.

debian логотип

CVE-2018-8781

CVSS3: 7.8
debian
около 7 лет назад

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux ...

github логотип

GHSA-c9m9-x3p2-fwvw

CVSS3: 7.8
github
около 3 лет назад

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.

suse-cvrf логотип

SUSE-SU-2018:1539-1

suse-cvrf
около 7 лет назад

Security update for the Linux Kernel (Live Patch 33 for SLE 12)

EPSS

Процентиль: 30%
0.00106
Низкий

7 High

CVSS3