CVE-2017-18344

Published: 26 July 2018

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

From the Ubuntu Security Team

Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.15.0-10.11)
	cosmic	Not vulnerable (4.15.0-20.21)
	trusty	Released (3.13.0-155.205)
	upstream	Released (4.15~rc4)
	xenial	Released (4.4.0-121.145)
	Patches: Introduced by 57b8015e07a70301e9ec9f324db1a8b73b5a1e2b Fixed by cef31d9af908243421258f1df35a4a644604efbe
linux-aws Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.15.0-1001.1)
	cosmic	Not vulnerable (4.15.0-1007.7)
	trusty	Released (4.4.0-1017.17)
	upstream	Released (4.15~rc4)
	xenial	Released (4.4.0-1055.64)
linux-azure Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.15.0-1002.2)
	cosmic	Not vulnerable (4.15.0-1009.9)
	trusty	Not vulnerable (4.15.0-1023.24~14.04.1)
	upstream	Released (4.15~rc4)
	xenial	Released (4.15.0-1013.13~16.04.2)
linux-azure-edge Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.18.0-1004.4~18.04.1)
	cosmic	Does not exist
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Not vulnerable (4.15.0-1002.2)
linux-euclid Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Released (4.4.0-9029.31)
linux-flo Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.15~rc4)
	xenial	Ignored (abandoned)
linux-gcp Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.15.0-1001.1)
	cosmic	Not vulnerable (4.15.0-1006.6)
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Released (4.15.0-1014.14~16.04.1)
linux-gke Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Ignored (end of standard support)
linux-goldfish Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.15~rc4)
	xenial	Ignored (end of life)
linux-grouper Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.15~rc4)
	xenial	Does not exist
linux-hwe Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	cosmic	Does not exist
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Released (4.15.0-24.26~16.04.1)
linux-hwe-edge Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.18.0-11.12~18.04.1)
	cosmic	Does not exist
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Released (4.15.0-24.26~16.04.1)
linux-kvm Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.15.0-1002.2)
	cosmic	Not vulnerable (4.15.0-1008.8)
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Released (4.4.0-1021.26)
linux-lts-trusty Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Does not exist
linux-lts-utopic Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist (trusty was ignored [end of standard support])
	upstream	Released (4.15~rc4)
	xenial	Does not exist
linux-lts-vivid Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist (trusty was ignored [end of standard support])
	upstream	Released (4.15~rc4)
	xenial	Does not exist
linux-lts-wily Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist (trusty was ignored [end of standard support])
	upstream	Released (4.15~rc4)
	xenial	Does not exist
linux-lts-xenial Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Released (4.4.0-121.145~14.04.1)
	upstream	Released (4.15~rc4)
	xenial	Does not exist
linux-maguro Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.15~rc4)
	xenial	Does not exist
linux-mako Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.15~rc4)
	xenial	Ignored (abandoned)
linux-manta Launchpad, Ubuntu, Debian	bionic	Does not exist
	cosmic	Does not exist
	trusty	Does not exist (trusty was ignored [abandoned])
	upstream	Released (4.15~rc4)
	xenial	Does not exist
linux-oem Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.15.0-1002.3)
	cosmic	Not vulnerable (4.15.0-1004.5)
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Ignored (end of standard support, was needed)
linux-raspi2 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (4.15.0-1006.7)
	cosmic	Not vulnerable (4.15.0-1010.11)
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Released (4.4.0-1087.95)
linux-snapdragon Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	cosmic	Does not exist
	trusty	Does not exist
	upstream	Released (4.15~rc4)
	xenial	Released (4.4.0-1090.95)

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›