CVE-2018-17182
Published: 2018-09-19

Priority: P3 · 51 · high · CVSS 3.1 base score 7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EXPLOIT · EPSS 3.21% (86.6th percentile)
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.18.10-1 (bookworm) | linux 4.18.10-1 (bookworm) |
| android | — | — | — |
| linux | linux_kernel | >= 0 < 4.18.10-1 | 4.18.10-1 |
| linux | linux_kernel | >= 0 < 4.18.10-1 | 4.18.10-1 |
| linux | linux_kernel | >= 0 < 4.18.10-1 | 4.18.10-1 |
| linux | linux_kernel | >= 0 < 4.18.10-1 | 4.18.10-1 |
| linux | linux_kernel | >= 0 < 4.4.0-137.163 | 4.4.0-137.163 |
| linux | linux_kernel | >= 0 < 4.15.0-36.39 | 4.15.0-36.39 |
| linux | linux_kernel | >= 3.16 < 3.16.58 | 3.16.58 |
| linux | linux_kernel | >= 3.17 < 3.18.123 | 3.18.123 |
| linux | linux_kernel | >= 3.19 < 4.4.157 | 4.4.157 |
| linux | linux_kernel | >= 4.10 < 4.14.71 | 4.14.71 |
| linux | linux_kernel | >= 4.15 < 4.18.9 | 4.18.9 |
| linux | linux_kernel | >= 4.5 < 4.9.128 | 4.9.128 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.0 | HIGH | — |
Android
CVE-2018-17182: Memory Manager
vendor_android·2019-01-01·CVSS 7.8
CVE-2018-17182 [HIGH] CVE-2018-17182: Memory Manager
Android Security Bulletin 2019-01-01
CVE: CVE-2018-17182
Severity: HIGH
Type: EoP
Component: Memory Manager
References: A-117280327
Upstream kernel
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2018-10-23·CVSS 5.6
CVE-2017-5715 [MEDIUM] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the
Linux kernel for Azure Cloud systems.
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2018-10-01·CVSS 7.0
CVE-2018-10853 [HIGH] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
at
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-10-01·CVSS 5.5
CVE-2017-18216 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018-15594)
It was discovered that microprocessors utilizing speculative execution and
prediction of return addresses via Return Stack Buffer (RSB) may allow
u
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2018-10-01·CVSS 5.5
CVE-2017-18216 [MEDIUM] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A l
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-10-01·CVSS 7.0
CVE-2018-10853 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018-15594)
It was discovered that microprocessors utilizing speculative execution and
prediction of return addresses via Return Stack Buffer (RSB) may allow
u
Red Hat
kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation
vendor_redhat·2018-09-13·CVSS 7.8
CVE-2018-17182 [HIGH] CWE-416 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation
kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
A security flaw was discovered in the Linux kernel. The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise
Debian
CVE-2018-17182: linux - An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_a...
vendor_debian·2018·CVSS 7.8
CVE-2018-17182 [HIGH] CVE-2018-17182: linux - An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_a...
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Scope: local
bookworm: resolved (fixed in 4.18.10-1)
bullseye: resolved (fixed in 4.18.10-1)
forky: resolved (fixed in 4.18.10-1)
sid: resolved (fixed in 4.18.10-1)
trixie: resolved (fixed in 4.18.10-1)
GHSA
GHSA-v788-jmxr-wgj9: An issue was discovered in the Linux kernel through 4
ghsa_unreviewed·2022-05-14
CVE-2018-17182 [HIGH] CWE-416 GHSA-v788-jmxr-wgj9: An issue was discovered in the Linux kernel through 4
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
OSV
linux-azure vulnerabilities
osv·2018-10-23·CVSS 5.6
CVE-2018-17182 [MEDIUM] linux-azure vulnerabilities
linux-azure vulnerabilities
USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the
Linux kernel for Azure Cloud systems.
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018-15594)
It was discovered that microprocessors utilizing sp
OSV
linux-hwe, linux-gcp vulnerabilities
osv·2018-10-01·CVSS 7.8
[HIGH] linux-hwe, linux-gcp vulnerabilities
linux-hwe, linux-gcp vulnerabilities
USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018-15594)
OSV
linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
osv·2018-10-01·CVSS 7.8
CVE-2018-17182 [HIGH] linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018-15594)
It was discovered that microprocessors utilizing speculative execution and
prediction of return addresses via Return Stack Buffer (RSB) may allow
unauthorized memory rea
OSV
linux-lts-xenial, linux-aws vulnerabilities
osv·2018-10-01·CVSS 5.5
[MEDIUM] linux-lts-xenial, linux-aws vulnerabilities
linux-lts-xenial, linux-aws vulnerabilities
USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
osv·2018-10-01·CVSS 5.5
CVE-2018-17182 [MEDIUM] linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)
It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018-15594)
It was discovered that microprocessors utilizing speculative execution and
prediction of return addresses via Return Stack Buffer (RSB) may allow
unauthorized memory reads v
OSV
CVE-2018-17182: An issue was discovered in the Linux kernel through 4
osv·2018-09-19·CVSS 7.8
CVE-2018-17182 [HIGH] CVE-2018-17182: An issue was discovered in the Linux kernel through 4
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Project0
A cache invalidation bug in Linux memory management - Project Zero
project_zero·2018-09-01·CVSS 7.8
CVE-2018-17182 [HIGH] A cache invalidation bug in Linux memory management - Project Zero
Posted by Jann Horn, Google Project Zero
This blogpost describes a way to exploit a Linux kernel bug (CVE-2018-17182) that exists since kernel version 3.16. While the bug itself is in code that is reachable even from relatively strongly sandboxed contexts, this blogpost only describes a way to exploit it in environments that use Linux kernels that haven't been configured for increased security (specifically, Ubuntu 18.04 with kernel linux-image-4.15.0-34-generic at version 4.15.0-34.37). This demonstrates how the kernel configuration can have a big impact on the difficulty of exploiting a kernel bug.
The bug report and the exploit are filed in our issue tracker as issue 1664.
Fixes for the issue are in the upstream stable releases 4.18.9, 4.14.71, 4.9.128, 4.4.157 and 3.16.58.
The b
No detection rules found.
Qualys
Hackers Exploit Facebook Bug, As Twitter DMs (Maybe) Got Misrouted
blogs_qualys·2018-10-02
Hackers Exploit Facebook Bug, As Twitter DMs (Maybe) Got Misrouted
In our latest security news digest, we check out the Facebook hack heard ’round the world, a Twitter bug that rattled users but may not amount to much, and a pair of serious Linux kernel vulnerabilities.
## Facebook scrambles to investigate major breach affecting tens of millions of users
The cyber security world shook on Friday upon learning that attackers exploited a software flaw on Facebook that allowed them to obtain access tokens for 50 million accounts, with another 40 million accounts possibly also affected.
Equally or even more concerning: The purloined tokens could have been used to access accounts in other websites into which their users log in with their Facebook credentials, such as Spotify and AirBnB.
Facebook inadvertently introduced the bug in July of last year. After i
Bugzilla
CVE-2018-17182 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation [fedora-all]
bugzilla·2018-09-20·CVSS 7.8
CVE-2018-17182 [HIGH] CVE-2018-17182 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation [fedora-all]
CVE-2018-17182 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
CVE-2018-17182 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation
bugzilla·2018-09-20·CVSS 7.8
CVE-2018-17182 [HIGH] CVE-2018-17182 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation
CVE-2018-17182 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation
A security flaw was discovered in the Linux kernel. The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
References:
https://seclists.org/oss-sec/2018/q3/251
An upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1631206]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
http://www.securityfocus.com/bid/105417
http://www.securityfocus.com/bid/106503
http://www.securitytracker.com/id/1041748
https://access.redhat.com/errata/RHSA-2018:3656
https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://security.netapp.com/advisory/ntap-20190204-0001/
https://usn.ubuntu.com/3776-1/
https://usn.ubuntu.com/3776-2/
https://usn.ubuntu.com/3777-1/
https://usn.ubuntu.com/3777-2/
https://usn.ubuntu.com/3777-3/
https://www.debian.org/security/2018/dsa-4308
https://www.exploit-db.com/exploits/45497/
https://www.openwall.com/lists/oss-security/2018/09/18/4