Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-18955

Опубликовано: 16 нояб. 2018
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 4.4
CVSS3: 7

Описание

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

РелизСтатусПримечание
bionic

released

4.15.0-42.45
cosmic

released

4.18.0-12.13
devel

not-affected

4.19.0-12.13
esm-infra-legacy/trusty

not-affected

3.11.0-12.19
esm-infra/bionic

released

4.15.0-42.45
esm-infra/xenial

not-affected

4.2.0-16.19
precise/esm

not-affected

3.0.0-12.20
trusty

not-affected

3.11.0-12.19
trusty/esm

not-affected

3.11.0-12.19
upstream

released

4.20~rc2

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1029.30
cosmic

released

4.18.0-1006.7
devel

not-affected

4.18.0-1006.7
esm-infra-legacy/trusty

not-affected

4.4.0-1002.2
esm-infra/bionic

released

4.15.0-1029.30
esm-infra/xenial

not-affected

4.4.0-1001.10
precise/esm

DNE

trusty

not-affected

4.4.0-1002.2
trusty/esm

not-affected

4.4.0-1002.2
upstream

released

4.20~rc2

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

4.15.0-1030.31~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2
xenial

not-affected

4.15.0-1030.31~16.04.1

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1035.36
cosmic

released

4.18.0-1006.6
devel

not-affected

4.18.0-1006.6
esm-infra-legacy/trusty

released

4.15.0-1035.36~14.04.2
esm-infra/bionic

released

4.15.0-1035.36
esm-infra/xenial

released

4.15.0-1035.36~16.04.1
precise/esm

DNE

trusty

released

4.15.0-1035.36~14.04.2
trusty/esm

released

4.15.0-1035.36~14.04.2
upstream

released

4.20~rc2

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1035.36
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.15.0-1035.36
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2
xenial

released

4.15.0-1035.36~16.04.1

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2
xenial

not-affected

4.4.0-9019.20

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc2
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1025.26
cosmic

released

4.18.0-1004.5
devel

not-affected

4.18.0-1004.5
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.15.0-1025.26
esm-infra/xenial

released

4.15.0-1025.26~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2

Показывать по

РелизСтатусПримечание
bionic

not-affected

4.18.0-1004.5~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-1004.5~18.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc2
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc2
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

not-affected

4.18.0-13.14~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-13.14~18.04.1
esm-infra/xenial

released

4.15.0-42.45~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2

Показывать по

РелизСтатусПримечание
bionic

not-affected

4.18.0-12.13~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.18.0-12.13~18.04.1
esm-infra/xenial

released

4.15.0-42.45~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1027.27
cosmic

released

4.18.0-1005.5
devel

not-affected

4.18.0-1005.5
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.15.0-1027.27
esm-infra/xenial

not-affected

4.4.0-1004.9
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

not-affected

3.13.0-24.46~precise1
trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.20~rc2
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.20~rc2
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.20~rc2
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-13.29~14.04.1
precise/esm

DNE

trusty

not-affected

4.4.0-13.29~14.04.1
trusty/esm

not-affected

4.4.0-13.29~14.04.1
upstream

released

4.20~rc2
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc2
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc2
xenial

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc2
xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1028.33
cosmic

released

4.15.0-1028.33
devel

not-affected

4.15.0-1028.33
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.15.0-1028.33
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2
xenial

ignored

end of standard support, was needs-triage

Показывать по

РелизСтатусПримечание
bionic

not-affected

4.15.0-1007.9
cosmic

not-affected

devel

not-affected

4.15.0-1007.9
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

4.15.0-1007.9
esm-infra/xenial

not-affected

4.15.0-1007.9~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2

Показывать по

РелизСтатусПримечание
bionic

released

4.15.0-1029.31
cosmic

released

4.18.0-1007.9
devel

not-affected

4.18.0-1009.11
esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2
xenial

not-affected

4.2.0-1013.19

Показывать по

РелизСтатусПримечание
bionic

not-affected

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc2
xenial

not-affected

4.4.0-1012.12

Показывать по

Ссылки на источники

EPSS

Процентиль: 94%
0.1222
Средний

4.4 Medium

CVSS2

7 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-18955

CVSS3: 7.8
redhat
около 7 лет назад

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

nvd логотип

CVE-2018-18955

CVSS3: 7
nvd
около 7 лет назад

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

debian логотип

CVE-2018-18955

CVSS3: 7
debian
около 7 лет назад

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() i ...

github логотип

GHSA-c6xj-3c77-g5rg

CVSS3: 7
github
больше 3 лет назад

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

fstec логотип

BDU:2019-00432

CVSS3: 7
fstec
больше 7 лет назад

Уязвимость функции map_write() ("kernel/user_namespace.c") ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 94%
0.1222
Средний

4.4 Medium

CVSS2

7 High

CVSS3

Уязвимость CVE-2018-18955