PT-2018-2302 · Linux+2 · Linux Kernel+2

Jann Horn · Published 2018-11-07 · Updated 2025-09-29 · CVE-2018-18955

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.15.x through 4.19.x before 4.19.2

Description: The issue is in the map_write() function in kernel/user_namespace.c, which mishandles nested user namespaces with more than 5 UID or GID ranges. This allows a user with CAP_SYS_ADMIN in an affected user namespace to bypass access controls on resources outside the namespace. The problem occurs because ID transformation in the kernel-to-namespaced direction is handled improperly. A potential exploit could allow an attacker to access sensitive data, such as reading /etc/shadow.

Recommendations: For Linux kernel versions 4.15.x through 4.19.x before 4.19.2, update to version 4.19.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of CAP_SYS_ADMIN in user namespaces to minimize the risk of exploitation. Additionally, restrict access to sensitive resources, such as /etc/shadow, to prevent unauthorized access.
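A triage sketch for the two conditions named above (the affected upstream version range and ID maps with more than 5 ranges), added here as an example and not taken from the advisory or the kernel project. The function names and sample maps are constructed for illustration; map text uses the format of /proc/<pid>/uid_map and gid_map, where each line is "inside-ID outside-ID length".

```python
import re

# Constructed sample maps in /proc/<pid>/uid_map format: "inside outside length".
SAMPLE_SMALL_MAP = "         0          0 4294967295\n"
SAMPLE_LARGE_MAP = "".join(f"{i * 1000} {100000 + i * 1000} 1000\n" for i in range(6))

def in_affected_upstream_range(release):
    """True if a `uname -r` style string is in 4.15.x through 4.19.x before 4.19.2.

    Vendor kernels can carry the fix under an older version string, so a True
    result means "check the vendor advisory", not "confirmed vulnerable".
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    version = tuple(int(g or 0) for g in m.groups())
    return (4, 15, 0) <= version < (4, 19, 2)

def count_extents(map_text):
    """Count the ID ranges (one per non-empty line) in uid_map/gid_map text."""
    extents = 0
    for line in map_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3 or not all(f.isdigit() for f in fields):
            raise ValueError(f"malformed map line: {line!r}")
        extents += 1
    return extents

def triage(release, uid_map, gid_map):
    """Classify one process's ID maps against the advisory's conditions."""
    if not in_affected_upstream_range(release):
        return "outside-affected-range"
    # The map alone does not show whether the namespace is nested, so a large
    # map on an affected kernel is a lead for review, not proof of abuse.
    if max(count_extents(uid_map), count_extents(gid_map)) > 5:
        return "review-large-id-map"
    return "affected-kernel-update"

if __name__ == "__main__":
    print(triage("4.18.0-10-generic", SAMPLE_LARGE_MAP, SAMPLE_SMALL_MAP))
```

On a live host the same functions can be fed the output of `uname -r` and the contents of each process's uid_map and gid_map files.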

Exploit

Fix

Incorrect Authorization

RCE


Weakness Enumeration

Related identifiers

ALSA-2025_16880
ALT-PU-2018-2699
ALT-PU-2018-2729
BDU:2019-00432
CVE-2018-18955
USN-3832-1
USN-3833-1
USN-3835-1
USN-3836-1
USN-3836-2

Affected products

Alt Linux
Linux Kernel
Ubuntu