CVE-2018-17182
Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Se ha descubierto un problema en el kernel de Linux hasta la versión 4.18.8. La función vmacache_flush_all en mm/vmacache.c manipula incorrectamente los desbordamientos de números de secuencias. Un atacante puede desencadenar un uso de memoria previamente liberada (y posiblemente la obtención de privilegios) mediante determinadas operaciones thread creation, map, unmap, invalidation y dereference.
A security flaw was discovered in the Linux kernel. The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Linux suffers from a VMA use-after-free vulnerability via a buggy vmacache_flush_all() fastpath.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-09-19 CVE Reserved
- 2018-09-19 CVE Published
- 2018-09-29 First Exploit
- 2023-09-13 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105417 | Third Party Advisory | |
| http://www.securityfocus.com/bid/106503 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html | Mailing List |
|
| https://www.openwall.com/lists/oss-security/2018/09/18/4 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/45497 | 2024-08-05 | |
| https://github.com/jas502n/CVE-2018-17182 | 2018-09-29 | |
| https://github.com/likescam/CVE-2018-17182 | 2018-09-29 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:3656 | 2023-02-24 | |
| https://usn.ubuntu.com/3776-1 | 2023-02-24 | |
| https://usn.ubuntu.com/3776-2 | 2023-02-24 | |
| https://usn.ubuntu.com/3777-1 | 2023-02-24 | |
| https://usn.ubuntu.com/3777-2 | 2023-02-24 | |
| https://usn.ubuntu.com/3777-3 | 2023-02-24 | |
| https://www.debian.org/security/2018/dsa-4308 | 2023-02-24 | |
| https://access.redhat.com/security/cve/CVE-2018-17182 | 2018-11-26 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1631205 | 2018-11-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.16 < 3.16.58 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.16 < 3.16.58" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.123 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.123" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.4.157 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.4.157" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.128 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.128" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.71 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.71" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.18.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.18.9" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Performance Analytics Services Search vendor "Netapp" for product "Active Iq Performance Analytics Services" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Element Software Search vendor "Netapp" for product "Element Software" | - | - |
Affected
| ||||||