Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-18397

Опубликовано: 12 дек. 2018
Источник: ubuntu
Приоритет: medium
CVSS2: 2.1
CVSS3: 5.5

Описание

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.

РелизСтатусПримечание
bionic

released

4.15.0-46.49
cosmic

released

4.18.0-16.17
devel

not-affected

4.19.0-12.13
esm-infra-legacy/trusty

not-affected

3.11.0-12.19
esm-infra/bionic

not-affected

4.15.0-46.49
esm-infra/xenial

not-affected

4.2.0-16.19
precise/esm

ignored

end of life, was needs-triage
trusty

not-affected

3.11.0-12.19
trusty/esm

not-affected

3.11.0-12.19
upstream

released

4.20~rc5

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1033.35
cosmic

released

4.18.0-1011.13
devel

not-affected

4.18.0-1011.13
esm-infra-legacy/trusty

not-affected

4.4.0-1002.2
esm-infra/bionic

not-affected

4.15.0-1033.35
esm-infra/xenial

not-affected

4.4.0-1001.10
precise/esm

DNE

trusty

not-affected

4.4.0-1002.2
trusty/esm

not-affected

4.4.0-1002.2
upstream

released

4.20~rc5

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

4.15.0-1033.35~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5
xenial

released

4.15.0-1033.35~16.04.1

Показывать по

РелизСтатусПримечание
bionic

released

4.18.0-1013.13~18.04.1
cosmic

released

4.18.0-1013.13
devel

not-affected

4.18.0-1013.13
esm-infra-legacy/trusty

not-affected

4.15.0-1040.44~14.04.1
esm-infra/bionic

not-affected

4.18.0-1013.13~18.04.1
esm-infra/xenial

not-affected

4.15.0-1040.44
precise/esm

DNE

trusty

released

4.15.0-1040.44~14.04.1
trusty/esm

not-affected

4.15.0-1040.44~14.04.1
upstream

released

4.20~rc5

Показывать по

РелизСтатусПримечание
bionic

released

4.18.0-1013.13~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-1013.13~18.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5
xenial

released

4.15.0-1040.44

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5
xenial

ignored

end of standard support, was needs-triage

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc5
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1028.29
cosmic

released

4.18.0-1007.8
devel

not-affected

4.18.0-1007.8
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.15.0-1028.29
esm-infra/xenial

not-affected

4.15.0-1028.29~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5

Показывать по

РелизСтатусПримечание
bionic

released

4.18.0-1007.8~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-1007.8~18.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc5
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc5
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

released

4.18.0-16.17~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-16.17~18.04.1
esm-infra/xenial

not-affected

4.15.0-46.49~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5

Показывать по

РелизСтатусПримечание
bionic

not-affected

5.0.0-8.9~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

5.0.0-8.9~18.04.1
esm-infra/xenial

not-affected

4.15.0-46.49~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1030.30
cosmic

released

4.18.0-1008.8
devel

not-affected

4.18.0-1008.8
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.15.0-1030.30
esm-infra/xenial

not-affected

4.4.0-1004.9
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

ignored

end of life, was needs-triage
trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.20~rc5
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.20~rc5
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.20~rc5
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-13.29~14.04.1
precise/esm

DNE

trusty

not-affected

4.4.0-13.29~14.04.1
trusty/esm

not-affected

4.4.0-13.29~14.04.1
upstream

released

4.20~rc5
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc5
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc5
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc5
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1034.39
cosmic

released

4.15.0-1034.39
devel

not-affected

4.15.0-1034.39
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.15.0-1034.39
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5
xenial

ignored

end of standard support, was needs-triage

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1009.11
cosmic

not-affected

devel

not-affected

4.15.0-1009.11
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.15.0-1009.11
esm-infra/xenial

not-affected

4.15.0-1009.11~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1032.34
cosmic

released

4.18.0-1010.12
devel

not-affected

4.18.0-1010.12
esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5
xenial

not-affected

4.2.0-1013.19

Показывать по

РелизСтатусПримечание
bionic

not-affected

cosmic

DNE

devel

not-affected

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc5
xenial

not-affected

4.4.0-1012.12

Показывать по

Ссылки на источники

2.1 Low

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-18397

CVSS3: 6.1
redhat
больше 6 лет назад

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.

nvd логотип

CVE-2018-18397

CVSS3: 5.5
nvd
больше 6 лет назад

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.

debian логотип

CVE-2018-18397

CVSS3: 5.5
debian
больше 6 лет назад

The userfaultfd implementation in the Linux kernel before 4.19.7 misha ...

github логотип

GHSA-7cx6-7887-9rwv

CVSS3: 5.5
github
около 3 лет назад

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.

fstec логотип

BDU:2020-00620

CVSS3: 5.5
fstec
больше 6 лет назад

Уязвимость компонента userfaultfd ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

2.1 Low

CVSS2

5.5 Medium

CVSS3