CVE-2018-5332 in Ubuntu

CVE-2018-5332

Priority

Medium

Description

In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function
does not validate a value that is used during DMA page allocation, leading
to a heap-based out-of-bounds write (related to the rds_rdma_extra_size
function in net/rds/rdma.c).

Ubuntu-Description

It was discovered that the Reliable Datagram Socket (RDS) implementation in
the Linux kernel contained an out-of-bounds write during RDMA page
allocation. An attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5332
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c
https://github.com/torvalds/linux/commit/c095508770aebf1b9218e77026e48345d719b17c
https://usn.ubuntu.com/usn/usn-3617-1
https://usn.ubuntu.com/usn/usn-3617-2
https://usn.ubuntu.com/usn/usn-3617-3
https://usn.ubuntu.com/usn/usn-3619-1
https://usn.ubuntu.com/usn/usn-3620-1
https://usn.ubuntu.com/usn/usn-3620-2
https://usn.ubuntu.com/usn/usn-3619-2

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.13.0-144.193~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1020.25)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1002.2)

Package

Source tree: https://github.com/bq/aquaris-E5

linux-vegetahd:

needed

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needed now end-of-life)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needed ESM criteria)
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.13.0-144.193)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-119.143)
Ubuntu 17.10 (Artful Aardvark):	released (4.13.0-38.43)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-10.11)

Patches:

Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by c095508770aebf1b9218e77026e48345d719b17c

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-119.143~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1012.16)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	needed

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	pending (4.15.0-15.16~16.04.1)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1002.2)

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (was needs-triage now end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-1016.16)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1054.63)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1001.1)

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1086.94)
Ubuntu 17.10 (Artful Aardvark):	released (4.13.0-1016.17)
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.15.0-1006.7)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1088.93)
Ubuntu 17.10 (Artful Aardvark):	released (4.4.0-1088.93)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1022.24)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	pending (4.15.0-1001.2)

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needed ESM criteria)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-38.43~16.04.1)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source tree: https://github.com/bq/aquaris-E4.5

linux-krillin:

needed

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

More Information

Updated: 2018-04-16 18:14:28 UTC (commit 14567)