CVE-2018-18397 (retired)

Priority
Description
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
local users to write data into holes in a tmpfs file (if the user has
read-only access to that file, and that file contains holes), related to
fs/userfaultfd.c and mm/userfaultfd.c.
Ubuntu-Description
Jann Horn discovered that the userfaultfd implementation in the Linux kernel
did not properly restrict access to certain ioctls. A local attacker could
possibly use this to modify files.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needs-triage ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-16.19)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-46.49)
Ubuntu 18.10 (Cosmic Cuttlefish):released (4.18.0-16.17)
Ubuntu 19.04 (Disco Dingo):not-affected (4.19.0-12.13)
Patches:
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e; fixed by 9e368259ad988356c4c95150fafd1a06af095d98
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e; fixed by 5b51072e97d587186c2f5390c8c9c1fb7e179505
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e; fixed by 29ec90660d68bbdd69507c1c8b4e33aa299278b1
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e; fixed by e2a50c1f64145a04959df2442305d57307e5395a
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e; fixed by dcf7fe9d89763a28e0f43975b422ff141fe79e43
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1001.10)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1033.35)
Ubuntu 18.10 (Cosmic Cuttlefish):released (4.18.0-1011.13)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1011.13)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1033.35~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1040.44)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-1013.13~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (4.18.0-1013.13)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1013.13)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1040.44)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-1013.13~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1028.29~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1028.29)
Ubuntu 18.10 (Cosmic Cuttlefish):released (4.18.0-1007.8)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1007.8)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-1007.8~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-46.49~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.18.0-16.17~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-46.49~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (5.0.0-8.9~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1004.9)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1030.30)
Ubuntu 18.10 (Cosmic Cuttlefish):released (4.18.0-1008.8)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1008.8)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needs-triage ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1034.39)
Ubuntu 18.10 (Cosmic Cuttlefish):released (4.15.0-1034.39)
Ubuntu 19.04 (Disco Dingo):not-affected (4.15.0-1034.39)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1009.11~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1009.11)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected (4.15.0-1009.11)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-1013.19)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1032.34)
Ubuntu 18.10 (Cosmic Cuttlefish):released (4.18.0-1010.12)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1010.12)
Package
Upstream:released (4.20~rc5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1012.12)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):not-affected
Updated: 2019-05-15 21:15:55 UTC (commit 7fd02d9ec802bf69909e9bf11160eb7c4f65c010)