Main Vulnerability Database Vulnerabilities #VU16558

#VU16558 Security restrictions bypass in Linux kernel - CVE-2018-18397

Published: December 14, 2018 / Updated: June 17, 2021

Vulnerability identifier: #VU16558

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-18397

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper access control in the userfaultfd implementation. A local attacker can access a system that is mounted with shmem or hugetlbs virtual memory areas, maliciously modify mapping to targeted files and write arbitrary memory on the system, which could be used to conduct additional attacks.

Remediation

The vulnerability has been addressed in the versions 4.14.87, 4.19.8.

External links

https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1

#VU16558 Security restrictions bypass in Linux kernel - CVE-2018-18397

Description

Remediation

External links

Please verify you're human