Description
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in
kernel/user_namespace.c allows privilege escalation because it mishandles
nested user namespaces with more than 5 UID or GID ranges. A user who has
CAP_SYS_ADMIN in an affected user namespace can bypass access controls on
resources outside the namespace, as demonstrated by reading /etc/shadow.
This occurs because an ID transformation takes place properly for the
namespaced-to-kernel direction but not for the kernel-to-namespaced
direction.
Ubuntu-Description
Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace.
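An exposure check built from the description above, as an added example that is not part of this advisory: it tests a kernel release string against the stated upstream range (4.15.x through 4.19.x before 4.19.2) and reports whether user namespaces can be created. The function names and the sysctl files read (`user/max_user_namespaces` and the Debian/Ubuntu-specific `kernel/unprivileged_userns_clone`) are assumptions not taken from this page. Distribution kernels backport fixes, so the package status below stays authoritative for Ubuntu kernels.

```shell
#!/bin/sh
# Added example, not part of the advisory.

# in_affected_range RELEASE
# Returns 0 if RELEASE lies in the upstream range from the description
# (4.15.x through 4.19.x before 4.19.2), 1 if outside, 2 if unparsable.
in_affected_range() {
    ver=${1%%[-+~_]*}                  # 4.18.0-13-generic -> 4.18.0
    major=${ver%%.*}
    rest=${ver#*.}
    [ "$rest" = "$ver" ] && return 2   # no minor component at all
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0  # "4.19" means 4.19.0
    patch=${patch%%.*}
    case "$major$minor$patch" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -eq 4 ] || return 1
    [ "$minor" -ge 15 ] && [ "$minor" -le 19 ] || return 1
    if [ "$minor" -eq 19 ] && [ "$patch" -ge 2 ]; then return 1; fi
    return 0
}

# userns_state [SYSCTL_ROOT]
# Prints disabled, root-only, unprivileged or unknown.
# SYSCTL_ROOT defaults to /proc/sys; the argument exists for testing.
userns_state() {
    sys=${1:-/proc/sys}
    max=$(cat "$sys/user/max_user_namespaces" 2>/dev/null || echo unknown)
    # Assumption: the knob is absent on kernels without the Debian/Ubuntu
    # patch, where unprivileged creation is not restricted by it.
    clone=$(cat "$sys/kernel/unprivileged_userns_clone" 2>/dev/null || echo 1)
    if [ "$max" = unknown ]; then echo unknown
    elif [ "$max" = 0 ]; then echo disabled
    elif [ "$clone" = 0 ]; then echo root-only
    else echo unprivileged
    fi
}

rel=$(uname -r)
if in_affected_range "$rel"; then
    echo "$rel: inside the upstream affected range; check the package status"
else
    echo "$rel: outside the upstream affected range"
fi
echo "user namespaces: $(userns_state)"
```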
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | released (4.15.0-42.45) |
| Ubuntu 16.04 ESM: | not-affected (4.2.0-16.19) |
| Ubuntu 14.04 ESM: | not-affected (3.11.0-12.19) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | released (4.15.0-1029.30) |
| Ubuntu 16.04 ESM: | not-affected (4.4.0-1001.10) |
| Ubuntu 14.04 ESM: | not-affected (4.4.0-1002.2) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 16.04 ESM: | not-affected (4.15.0-1030.31~16.04.1) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | released (4.15.0-1035.36) |
| Ubuntu 16.04 ESM: | released (4.15.0-1035.36~16.04.1) |
| Ubuntu 14.04 ESM: | released (4.15.0-1035.36~14.04.2) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | released (4.15.0-1035.36) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE (trusty was ignored [abandoned]) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | released (4.15.0-1025.26) |
| Ubuntu 16.04 ESM: | released (4.15.0-1025.26~16.04.1) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | not-affected (4.18.0-1004.5~18.04.1) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE (trusty was ignored [abandoned]) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE (trusty was ignored [abandoned]) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | not-affected (4.18.0-13.14~18.04.1) |
| Ubuntu 16.04 ESM: | released (4.15.0-42.45~16.04.1) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | not-affected (4.18.0-12.13~18.04.1) |
| Ubuntu 16.04 ESM: | released (4.15.0-42.45~16.04.1) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | released (4.15.0-1027.27) |
| Ubuntu 16.04 ESM: | not-affected (4.4.0-1004.9) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE (trusty was ignored [out of standard support]) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE (trusty was ignored [out of standard support]) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE (trusty was ignored [out of standard support]) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | not-affected (4.4.0-13.29~14.04.1) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE (trusty was ignored [abandoned]) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE (trusty was ignored [abandoned]) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | DNE |
| Ubuntu 14.04 ESM: | DNE (trusty was ignored [abandoned]) |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | released (4.15.0-1028.33) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | not-affected (4.15.0-1007.9) |
| Ubuntu 16.04 ESM: | not-affected (4.15.0-1007.9~16.04.1) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Package
| Upstream: | released (4.20~rc2) |
| Ubuntu 18.04 LTS: | released (4.15.0-1029.31) |
| Ubuntu 14.04 ESM: | DNE |
Patches:
Updated: 2022-04-13 13:26:21 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)