#VU14010 Privilege escalation in Oracle Solaris - CVE-2018-2892
Published: July 26, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU14010
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-2892
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Oracle Solaris
Oracle Solaris
Software vendor:
Oracle
Oracle
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in the Oracle Solaris AVS kernel component due to a signedness bug in the bounds checking of the ‘SDBC_TEST_INIT’ ioctlcode sent to the ‘/dev/sdbc‘ device. A local attacker can perform a special call to copyin() with a user controllable destination pointer and length, facilitate an arbitrary kernel memory overwrite, and execute arbitrary code in the context of kernel.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Oracle has rolled out a security patch after the issue was disclosed, but evidently the problem was not totally addressed.