1631205 – (CVE-2018-17182) CVE-2018-17182 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation

Bug 1631205 (CVE-2018-17182) - CVE-2018-17182 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation

Summary: CVE-2018-17182 kernel: Use-after-free in the vmacache_flush_all function resu...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-17182
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1631206 1631295 1631296 1631297
Blocks:	1631208
TreeView+	depends on / blocked

Reported:	2018-09-20 08:26 UTC by Andrej Nemec
Modified:	2022-03-13 15:35 UTC (History)
CC List:	49 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A security flaw was discovered in the Linux kernel. The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Clone Of:
Environment:
Last Closed:	2019-06-10 10:38:22 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:3656	0	None	None	None	2018-11-26 23:14:51 UTC

Description Andrej Nemec 2018-09-20 08:26:54 UTC

A security flaw was discovered in the Linux kernel. The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.

References:

https://seclists.org/oss-sec/2018/q3/251

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2

Comment 1 Andrej Nemec 2018-09-20 08:28:21 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1631206]

Comment 5 errata-xmlrpc 2018-11-26 23:14:36 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3656 https://access.redhat.com/errata/RHSA-2018:3656

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
airlied
aquini
bhu
blc
bskeggs
dbaker
dhoward
ewk
fhrbata
hdegoede
hkrzesin
hwkernel-mgr
iboverma
ichavero
itamar
jarodwilson
jforbes
jglisse
jkacur
john.j5live
jokerman
jonathan
josef
jross
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
matt
mchehab
mcressma
mjg59
mlangsdo
mpoole
nmurray
plougher
rt-maint
rvrbovsk
sardella
steved
sthangav
trankin
vdronov
williams
yozone