what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

CVE-2018-17182

Status Candidate

Overview

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.

Related Files

Red Hat Security Advisory 2018-3656-01
Posted Nov 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3656-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include an use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2018-17182, CVE-2018-18021
MD5 | 513600c8ce4902b46138d1c8a60bbcce
Ubuntu Security Notice USN-3777-3
Posted Oct 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-3 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-5715, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3639, CVE-2018-6554, CVE-2018-6555
MD5 | 9d5422023e24d370d36309f152f01b10
Kernel Live Patch Security Notice LSN-0044-1
Posted Oct 8, 2018
Authored by Benjamin M. Romer

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux
advisories | CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-3620, CVE-2018-3646, CVE-2018-6555
MD5 | 5e82c0eddd3c443fb7cd4484b02a8b65
Ubuntu Security Notice USN-3777-2
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-2 - USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-10853, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555
MD5 | 7ad405888628cb6f624337eff8a8f835
Ubuntu Security Notice USN-3777-1
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3777-1 - Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-10853, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555
MD5 | c89f1e278853e1551c8823435796499e
Ubuntu Security Notice USN-3776-2
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3776-2 - USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18216, CVE-2018-10902, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-16276, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555
MD5 | 756be1d516df5a9777a07b3fe8971a35
Ubuntu Security Notice USN-3776-1
Posted Oct 2, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3776-1 - Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-18216, CVE-2018-10902, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-16276, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555
MD5 | 0fd4ffabf15eba8599f2deb0222a96ac
Debian Security Advisory 4308-1
Posted Oct 2, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4308-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2018-10902, CVE-2018-10938, CVE-2018-13099, CVE-2018-14609, CVE-2018-14617, CVE-2018-14633, CVE-2018-14678, CVE-2018-14734, CVE-2018-15572, CVE-2018-15594, CVE-2018-16276, CVE-2018-16658, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555, CVE-2018-7755, CVE-2018-9363, CVE-2018-9516
MD5 | a1995d1e6eb105061c1bda57627f1054
Linux VMA Use-After-Free
Posted Sep 26, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a VMA use-after-free vulnerability via a buggy vmacache_flush_all() fastpath.

tags | exploit
systems | linux
advisories | CVE-2018-17182
MD5 | f1861d71fffe7fe2825d8cc77332fd6a
Slackware Security Advisory - Slackware 14.2 kernel Updates
Posted Sep 23, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kernel packages are available for Slackware 14.2 to fix a security issue.

tags | advisory, kernel
systems | linux, slackware
advisories | CVE-2018-17182
MD5 | 255363ee3e54fe1b27ee52ccb250341d
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    10 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close