Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-18955 |
CWE-ID | CWE-264 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU15836
Risk: Low
CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2018-18955
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
Description
The vulnerability allows a local attacker to gain elevated privileges on a targeted system.
The weakness exists because the map_write() function, defined in the kernel/user_namespace.c source file, improperly handles nested user namespaces that have more than five user identifier (UID) or group identifier (GID) ranges. A local attacker with CAP_SYS_ADMIN capabilities in a targeted user namespace can access the system and execute an application that submits malicious input to bypass access controls outside the user namespace and gain elevated privileges on the system.
Mitigation
The vulnerability has been fixed in versions 4.18.19 and 4.19.2.
Vulnerable software versions
Linux kernel: 4.0 - 4.19.1
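The version ranges above can be turned into a quick host check. The following is an added example, not code from the bulletin or the kernel project; the function names are hypothetical, and it compares only the upstream version number, so a distribution kernel that carries a backported fix may still be reported as affected.

```python
import platform
import re

# Values taken from the bulletin: affected 4.0 - 4.19.1, fixed in 4.18.19 and 4.19.2.
FIRST_AFFECTED = (4, 0)
LAST_AFFECTED = (4, 19, 1)
FIXED_PATCH = {(4, 18): 19, (4, 19): 2}  # stable branch -> first fixed patch level


def parse_release(release):
    """Turn a `uname -r` string such as '4.18.0-25-generic' into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(release):
    """True if the upstream version falls in the bulletin's affected range."""
    major, minor, patch = parse_release(release)
    if (major, minor) < FIRST_AFFECTED or (major, minor, patch) > LAST_AFFECTED:
        return False
    # A plain range test would flag 4.18.19+ (below 4.19.1) although it is fixed,
    # so the comparison is done per stable branch.
    fixed = FIXED_PATCH.get((major, minor))
    # Branches for which the bulletin lists no fixed release stay flagged.
    return fixed is None or patch < fixed


if __name__ == "__main__":
    rel = platform.release()
    verdict = "in affected range" if is_affected(rel) else "not in affected range"
    print("%s: %s for CVE-2018-18955" % (rel, verdict))
```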
External links
http://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.