Candidate: CVE-2018-5873
PublicDate: 2018-07-06 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5873
 https://source.android.com/security/bulletin/2018-07-01
 https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=34742aaf7cb16c95edba4a7afed6d2c4fa7e434b
 https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
Description:
 An issue was discovered in the __ns_get_path function in fs/nsfs.c in the
 Linux kernel before 4.11. Due to a race condition when accessing files, a
 Use After Free condition can occur. This also affects all Android releases
 from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD
 Android) before security patch level 2018-07-05.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H [7.0 HIGH]

Patches_linux:
 break-fix: e149ed2b805fefdccf7ccdfc19eca22fdd4514ac 073c516ff73557a8f7315066856c04b50383ac34
upstream_linux: released (4.11~rc8)
precise/esm_linux: not-affected
trusty_linux: not-affected
trusty/esm_linux: not-affected
xenial_linux: released (4.4.0-121.145)
esm-infra/xenial_linux: released (4.4.0-121.145)
artful_linux: not-affected (4.11.0-10.15)
bionic_linux: not-affected (4.13.0-16.19)
devel_linux: not-affected (4.15.0-20.21)

Patches_linux-lts-trusty:
upstream_linux-lts-trusty: released (4.11~rc8)
precise/esm_linux-lts-trusty: not-affected
trusty_linux-lts-trusty: DNE
trusty/esm_linux-lts-trusty: DNE
xenial_linux-lts-trusty: DNE
artful_linux-lts-trusty: DNE
bionic_linux-lts-trusty: DNE
devel_linux-lts-trusty: DNE

Patches_linux-goldfish:
upstream_linux-goldfish: released (4.11~rc8)
precise/esm_linux-goldfish: DNE
trusty_linux-goldfish: ignored (abandoned)
trusty/esm_linux-goldfish: DNE (trusty was ignored [abandoned])
xenial_linux-goldfish: ignored (end-of-life)
artful_linux-goldfish: DNE
bionic_linux-goldfish: DNE
devel_linux-goldfish: DNE

Patches_linux-grouper:
upstream_linux-grouper: released (4.11~rc8)
precise/esm_linux-grouper: DNE
trusty_linux-grouper: ignored (abandoned)
trusty/esm_linux-grouper: DNE (trusty was ignored [abandoned])
xenial_linux-grouper: DNE
artful_linux-grouper: DNE
bionic_linux-grouper: DNE
devel_linux-grouper: DNE

Patches_linux-maguro:
upstream_linux-maguro: released (4.11~rc8)
precise/esm_linux-maguro: DNE
trusty_linux-maguro: ignored (abandoned)
trusty/esm_linux-maguro: DNE (trusty was ignored [abandoned])
xenial_linux-maguro: DNE
artful_linux-maguro: DNE
bionic_linux-maguro: DNE
devel_linux-maguro: DNE

Patches_linux-mako:
upstream_linux-mako: released (4.11~rc8)
precise/esm_linux-mako: DNE
trusty_linux-mako: ignored (abandoned)
trusty/esm_linux-mako: DNE (trusty was ignored [abandoned])
xenial_linux-mako: ignored (abandoned)
artful_linux-mako: DNE
bionic_linux-mako: DNE
devel_linux-mako: DNE

Patches_linux-manta:
upstream_linux-manta: released (4.11~rc8)
precise/esm_linux-manta: DNE
trusty_linux-manta: ignored (abandoned)
trusty/esm_linux-manta: DNE (trusty was ignored [abandoned])
xenial_linux-manta: DNE
artful_linux-manta: DNE
bionic_linux-manta: DNE
devel_linux-manta: DNE

Patches_linux-flo:
upstream_linux-flo: released (4.11~rc8)
precise/esm_linux-flo: DNE
trusty_linux-flo: ignored (abandoned)
trusty/esm_linux-flo: DNE (trusty was ignored [abandoned])
xenial_linux-flo: ignored (abandoned)
artful_linux-flo: DNE
bionic_linux-flo: DNE
devel_linux-flo: DNE

Patches_linux-raspi2:
upstream_linux-raspi2: released (4.11~rc8)
precise/esm_linux-raspi2: DNE
trusty_linux-raspi2: DNE
trusty/esm_linux-raspi2: DNE
xenial_linux-raspi2: released (4.4.0-1087.95)
artful_linux-raspi2: not-affected (4.13.0-1004.4)
bionic_linux-raspi2: not-affected (4.13.0-1005.5)
devel_linux-raspi2: not-affected (4.15.0-1010.11)

Patches_linux-lts-utopic:
upstream_linux-lts-utopic: released (4.11~rc8)
precise/esm_linux-lts-utopic: DNE
trusty_linux-lts-utopic: ignored (out of standard support)
trusty/esm_linux-lts-utopic: DNE (trusty was ignored [out of standard support])
xenial_linux-lts-utopic: DNE
artful_linux-lts-utopic: DNE
bionic_linux-lts-utopic: DNE
devel_linux-lts-utopic: DNE

Patches_linux-lts-vivid:
upstream_linux-lts-vivid: released (4.11~rc8)
precise/esm_linux-lts-vivid: DNE
trusty_linux-lts-vivid: ignored (out of standard support)
trusty/esm_linux-lts-vivid: DNE (trusty was ignored [out of standard support])
xenial_linux-lts-vivid: DNE
artful_linux-lts-vivid: DNE
bionic_linux-lts-vivid: DNE
devel_linux-lts-vivid: DNE

Patches_linux-lts-wily:
upstream_linux-lts-wily: released (4.11~rc8)
precise/esm_linux-lts-wily: DNE
trusty_linux-lts-wily: ignored (out of standard support)
trusty/esm_linux-lts-wily: DNE (trusty was ignored [out of standard support])
xenial_linux-lts-wily: DNE
artful_linux-lts-wily: DNE
bionic_linux-lts-wily: DNE
devel_linux-lts-wily: DNE

Patches_linux-lts-xenial:
upstream_linux-lts-xenial: released (4.11~rc8)
precise/esm_linux-lts-xenial: DNE
trusty_linux-lts-xenial: released (4.4.0-121.145~14.04.1)
trusty/esm_linux-lts-xenial: released (4.4.0-121.145~14.04.1)
xenial_linux-lts-xenial: DNE
artful_linux-lts-xenial: DNE
bionic_linux-lts-xenial: DNE
devel_linux-lts-xenial: DNE

Patches_linux-snapdragon:
upstream_linux-snapdragon: released (4.11~rc8)
precise/esm_linux-snapdragon: DNE
trusty_linux-snapdragon: DNE
trusty/esm_linux-snapdragon: DNE
xenial_linux-snapdragon: released (4.4.0-1090.95)
artful_linux-snapdragon: released (4.4.0-1090.95)
bionic_linux-snapdragon: not-affected
devel_linux-snapdragon: DNE

Patches_linux-aws:
upstream_linux-aws: released (4.11~rc8)
precise/esm_linux-aws: DNE
trusty_linux-aws: released (4.4.0-1017.17)
trusty/esm_linux-aws: released (4.4.0-1017.17)
xenial_linux-aws: released (4.4.0-1055.64)
esm-infra/xenial_linux-aws: released (4.4.0-1055.64)
artful_linux-aws: DNE
bionic_linux-aws: not-affected (4.15.0-1001.1)
devel_linux-aws: not-affected (4.15.0-1007.7)

Patches_linux-hwe:
upstream_linux-hwe: released (4.11~rc8)
precise/esm_linux-hwe: DNE
trusty_linux-hwe: DNE
trusty/esm_linux-hwe: DNE
xenial_linux-hwe: released (4.13.0-26.29~16.04.2)
esm-infra/xenial_linux-hwe: released (4.13.0-26.29~16.04.2)
artful_linux-hwe: DNE
bionic_linux-hwe: not-affected
devel_linux-hwe: DNE

Patches_linux-hwe-edge:
upstream_linux-hwe-edge: released (4.11~rc8)
precise/esm_linux-hwe-edge: DNE
trusty_linux-hwe-edge: DNE
trusty/esm_linux-hwe-edge: DNE
xenial_linux-hwe-edge: released (4.13.0-26.29~16.04.2)
esm-infra/xenial_linux-hwe-edge: released (4.13.0-26.29~16.04.2)
artful_linux-hwe-edge: DNE
bionic_linux-hwe-edge: released (4.18.0-8.9~18.04.1)
devel_linux-hwe-edge: DNE

Patches_linux-gke:
upstream_linux-gke: released (4.11~rc8)
precise/esm_linux-gke: DNE
trusty_linux-gke: DNE
trusty/esm_linux-gke: DNE
xenial_linux-gke: ignored (end-of-life)
artful_linux-gke: DNE
bionic_linux-gke: DNE
devel_linux-gke: DNE

Patches_linux-azure:
upstream_linux-azure: released (4.11~rc8)
precise/esm_linux-azure: DNE
trusty_linux-azure: not-affected (4.15.0-1023.24~14.04.1)
trusty/esm_linux-azure: not-affected (4.15.0-1023.24~14.04.1)
xenial_linux-azure: not-affected (4.11.0-1009.9)
esm-infra/xenial_linux-azure: not-affected (4.11.0-1009.9)
artful_linux-azure: DNE
bionic_linux-azure: not-affected (4.15.0-1002.2)
devel_linux-azure: not-affected (4.15.0-1009.9)

Patches_linux-azure-edge:
upstream_linux-azure-edge: released (4.11~rc8)
precise/esm_linux-azure-edge: DNE
trusty_linux-azure-edge: DNE
trusty/esm_linux-azure-edge: DNE
xenial_linux-azure-edge: not-affected (4.15.0-1002.2)
artful_linux-azure-edge: DNE
bionic_linux-azure-edge: pending (4.18.0-1003.3~18.04.1)
devel_linux-azure-edge: DNE

Patches_linux-gcp:
upstream_linux-gcp: released (4.11~rc8)
precise/esm_linux-gcp: DNE
trusty_linux-gcp: DNE
trusty/esm_linux-gcp: DNE
xenial_linux-gcp: released (4.13.0-1002.5)
esm-infra/xenial_linux-gcp: released (4.13.0-1002.5)
artful_linux-gcp: DNE
bionic_linux-gcp: not-affected (4.15.0-1001.1)
devel_linux-gcp: not-affected (4.15.0-1006.6)

Patches_linux-kvm:
upstream_linux-kvm: released (4.11~rc8)
precise/esm_linux-kvm: DNE
trusty_linux-kvm: DNE
trusty/esm_linux-kvm: DNE
xenial_linux-kvm: released (4.4.0-1021.26)
esm-infra/xenial_linux-kvm: released (4.4.0-1021.26)
artful_linux-kvm: DNE
bionic_linux-kvm: not-affected (4.15.0-1002.2)
devel_linux-kvm: not-affected (4.15.0-1008.8)

Patches_linux-euclid:
upstream_linux-euclid: released (4.11~rc8)
precise/esm_linux-euclid: DNE
trusty_linux-euclid: DNE
trusty/esm_linux-euclid: DNE
xenial_linux-euclid: ignored (was needed ESM criteria)
artful_linux-euclid: DNE
bionic_linux-euclid: DNE
devel_linux-euclid: DNE

Patches_linux-oem:
upstream_linux-oem: released (4.11~rc8)
precise/esm_linux-oem: DNE
trusty_linux-oem: DNE
trusty/esm_linux-oem: DNE
xenial_linux-oem: not-affected (4.13.0-1008.9)
artful_linux-oem: DNE
bionic_linux-oem: not-affected (4.15.0-1002.3)
devel_linux-oem: not-affected (4.15.0-1004.5)