CVE-2018-17182
published 2018-09-19

Priority P351, high, 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.21% (86.6th percentile)

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.

Affected

19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | linux | < linux 4.18.10-1 (bookworm) | linux 4.18.10-1 (bookworm) |
| google | android | | |
| linux | linux_kernel | >= 0 < 4.18.10-1 | 4.18.10-1 |
| linux | linux_kernel | >= 0 < 4.18.10-1 | 4.18.10-1 |
| linux | linux_kernel | >= 0 < 4.18.10-1 | 4.18.10-1 |
| linux | linux_kernel | >= 0 < 4.18.10-1 | 4.18.10-1 |
| linux | linux_kernel | >= 0 < 4.4.0-137.163 | 4.4.0-137.163 |
| linux | linux_kernel | >= 0 < 4.15.0-36.39 | 4.15.0-36.39 |
| linux | linux_kernel | >= 3.16 < 3.16.58 | 3.16.58 |
| linux | linux_kernel | >= 3.17 < 3.18.123 | 3.18.123 |
| linux | linux_kernel | >= 3.19 < 4.4.157 | 4.4.157 |
| linux | linux_kernel | >= 4.10 < 4.14.71 | 4.14.71 |
| linux | linux_kernel | >= 4.15 < 4.18.9 | 4.18.9 |
| linux | linux_kernel | >= 4.5 < 4.9.128 | 4.9.128 |

CVSS provenance

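| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.0 | HIGH | |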