CVE-2018-18397

Priority
Description
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
local users to write data into holes in a tmpfs file (if the user has
read-only access to that file, and that file contains holes), related to
fs/userfaultfd.c and mm/userfaultfd.c.
Ubuntu-Description
Jann Horn discovered that the userfaultfd implementation in the Linux kernel
did not properly restrict access to certain ioctls. A local attacker could
possibly use this to modify files.
Notes
Package
Source: linux
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (3.11.0-12.19)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-16.19)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-46.49)
Ubuntu 19.04 (Disco Dingo):not-affected (4.19.0-12.13)
Patches:
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e, fixed by 9e368259ad988356c4c95150fafd1a06af095d98
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e, fixed by 5b51072e97d587186c2f5390c8c9c1fb7e179505
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e, fixed by 29ec90660d68bbdd69507c1c8b4e33aa299278b1
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e, fixed by e2a50c1f64145a04959df2442305d57307e5395a
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e, fixed by dcf7fe9d89763a28e0f43975b422ff141fe79e43
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (4.4.0-1002.2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1001.10)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1033.35)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1011.13)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1033.35~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.15.0-1040.44~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1040.44)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-1013.13~18.04.1)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1013.13)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1040.44)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-1013.13~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1028.29~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1028.29)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1007.8)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-1007.8~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-46.49~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-16.17~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-46.49~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (5.0.0-8.9~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1004.9)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1030.30)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1008.8)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (4.4.0-13.29~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1034.39)
Ubuntu 19.04 (Disco Dingo):not-affected (4.15.0-1034.39)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1009.11~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1009.11)
Ubuntu 19.04 (Disco Dingo):not-affected (4.15.0-1009.11)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-1013.19)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1032.34)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1010.12)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1012.12)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
More Information

Updated: 2019-12-05 18:50:46 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)