CVE-2018-1000204 (retired)

Priority
Description
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an
SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty
6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the
userspace. This has been fixed upstream in
https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824
already. The problem has limited scope, as users don't usually have
permissions to access SCSI devices. On the other hand, e.g. the Nero user
manual suggests doing `chmod o+r+w /dev/sg*` to make the devices
accessible. NOTE: third parties dispute the relevance of this report,
noting that the requirement for an attacker to have both the CAP_SYS_ADMIN
and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit."
Ubuntu-Description
It was discovered that an information leak existed in the generic SCSI
driver in the Linux kernel. A local attacker could use this to expose
sensitive information (kernel memory).
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-130.156)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-33.36)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-10.11)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by a45b599ad808c3c982fdcdc12b0b8611c2f92824
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1062.71)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1020.20)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1002.3)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1022.22~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1022.23)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1003.3)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1022.23)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-1003.3~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1018.19~16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1018.19)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1002.3)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-33.36~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-33.36~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-11.12~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Product
linux-krillin:ignored (was needs-triage now end-of-life)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1029.34)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1020.20)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1003.3)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1017.20)
Ubuntu 19.04 (Disco Dingo):not-affected (4.15.0-1021.24)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1092.100)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1021.23)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1005.7)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1095.100)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):DNE
Product
linux-vegetahd:ignored (was needs-triage now end-of-life)
More Information

Updated: 2019-09-19 16:05:10 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)