CVE-2018-8781 — Integer Overflow or Wraparound in Kernel
Severity
7.8HIGHNVD
OSV6.7OSV5.5OSV4.7
EPSS
0.1%
top 72.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedApr 23
Latest updateMay 14
Description
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages8 packages
▶CVEListV5check_point_software_technologies_ltd/linux_kernelkernel version 3.4 and up to and including 4.15
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10
Patches
🔴Vulnerability Details
7📋Vendor Advisories
9💬Community
2Bugzilla▶
CVE-2018-8781 kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space [fedora-all]↗2018-04-24
Bugzilla▶
CVE-2018-8781 kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space↗2018-04-24