7.8

CVE-2018-18281

Exploit
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.2 < 4.9.135
LinuxLinux Kernel Version >= 4.9.136 < 4.14.78
LinuxLinux Kernel Version >= 4.14.79 < 4.18.16
LinuxLinux Kernel Version >= 4.18.17 < 4.19
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.06% 0.601
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

https://access.redhat.com/errata/RHSA-2020:0036
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3880-1/
Third Party Advisory
https://usn.ubuntu.com/3880-2/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2019:0831
http://www.securityfocus.com/bid/106503
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3871-1/
Third Party Advisory
https://usn.ubuntu.com/3871-3/
Third Party Advisory
https://usn.ubuntu.com/3871-4/
Third Party Advisory
https://usn.ubuntu.com/3871-5/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0103
https://access.redhat.com/errata/RHSA-2020:0179
https://usn.ubuntu.com/3832-1/
Third Party Advisory
https://usn.ubuntu.com/3835-1/
Third Party Advisory
http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html
Patch
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2018/10/29/5
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/105761
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2020:0100
https://bugs.chromium.org/p/project-zero/issues/detail?id=1695
Patch
Third Party Advisory
Exploit
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78
Patch
Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.16
Patch
Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821
Patch
Vendor Advisory