Privilege escalation in Oracle Solaris - CVE-2018-2892
Published: July 26, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU14010
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-2892
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Oracle
Affected software:
Oracle Solaris
Oracle Solaris
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the Oracle Solaris AVS kernel component due to a signedness bug in the bounds checking of the ‘SDBC_TEST_INIT’ ioctlcode sent to the ‘/dev/sdbc‘ device. A local attacker can perform a special call to copyin() with a user controllable destination pointer and length, facilitate an arbitrary kernel memory overwrite, and execute arbitrary code in the context of kernel.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-2892
Oracle has rolled out a security patch after the issue was disclosed, but evidently the problem was not totally addressed.