CVE-2018-18397 in Ubuntu

CVE-2018-18397

Priority

Description

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
local users to write data into holes in a tmpfs file (if the user has
read-only access to that file, and that file contains holes), related to
fs/userfaultfd.c and mm/userfaultfd.c.

Ubuntu-Description

Jann Horn discovered that the userfaultd implementation in the Linux kernel
did not properly restrict access to certain ioctls. A local attacker could
use this possibly to modify files.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18397
https://lore.kernel.org/lkml/20181126173452.26955-2-aarcange@redhat.com/
https://usn.ubuntu.com/usn/usn-3901-1
https://usn.ubuntu.com/usn/usn-3901-2
https://usn.ubuntu.com/usn/usn-3903-1
https://usn.ubuntu.com/usn/usn-3903-2

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=1641548

Notes

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):	not-affected (3.11.0-12.19)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.2.0-16.19)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-46.49)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.19.0-12.13)

Patches:

Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e	Fixed by 9e368259ad988356c4c95150fafd1a06af095d98
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e	Fixed by 5b51072e97d587186c2f5390c8c9c1fb7e179505
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e	Fixed by 29ec90660d68bbdd69507c1c8b4e33aa299278b1
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e	Fixed by e2a50c1f64145a04959df2442305d57307e5395a
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e	Fixed by dcf7fe9d89763a28e0f43975b422ff141fe79e43

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	not-affected (4.4.0-1002.2)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.4.0-1001.10)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1033.35)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1011.13)

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1033.35~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.15.0-1040.44~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1040.44)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.18.0-1013.13~18.04.1)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1013.13)

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1040.44)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.18.0-1013.13~18.04.1)
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1028.29~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1028.29)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1007.8)

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.18.0-1007.8~18.04.1)
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-46.49~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.18.0-16.17~18.04.1)
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-46.49~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (5.0.0-8.9~18.04.1)
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.4.0-1004.9)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1030.30)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1008.8)

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	not-affected (4.4.0-13.29~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1034.39)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.15.0-1034.39)

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1009.11~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1009.11)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.15.0-1009.11)

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.2.0-1013.19)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1032.34)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1010.12)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.4.0-1012.12)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected
Ubuntu 19.04 (Disco Dingo):	not-affected

More Information

Updated: 2019-12-05 18:50:46 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)