PT-2018-1587 · Linux+3 · Linux Kernel+3

Davidlohr Bueso

·

Published

2018-09-13

·

Updated

2025-09-29

·

CVE-2018-17182

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.18.9
Description An issue in the Linux kernel allows an attacker to trigger a use-after-free via certain thread creation, map, unmap, invalidation, and dereference operations, potentially gaining privileges. The vmacache flush all function in mm/vmacache.c mishandles sequence number overflows.
Recommendations For Linux kernel versions prior to 4.18.9, update to version 4.18.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the vmacache flush all function until a patch is available.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880
ALT-PU-2018-2355
ALT-PU-2018-2420
ALT-PU-2018-2502
BDU:2018-01144
CVE-2018-17182
DLA-1529-1
DLA-1531-1
DSA-4308-1
ELSA-2018-4244
ELSA-2018-4270
MGASA-2018-0391
MGASA-2018-0418
MGASA-2018-0419
OPENSUSE-SU-2018_3071-1
OPENSUSE-SU-2018_3202-1
RHSA-2018:3656
SUSE-SU-2018:3003-1
SUSE-SU-2018:3004-1
SUSE-SU-2018:3032-1
SUSE-SU-2018:3032-2
SUSE-SU-2018:3083-1
SUSE-SU-2018:3084-1
SUSE-SU-2018:3100-1
SUSE-SU-2018:3158-1
SUSE-SU-2018:3159-1
SUSE-SU-2018:3164-1
SUSE-SU-2018:3171-1
SUSE-SU-2018:3172-1
SUSE-SU-2018:3173-1
SUSE-SU-2018:3238-1
SUSE-SU-2018:3272-1
SUSE-SU-2018:3331-1
SUSE-SU-2018:3659-1
SUSE-SU-2018:3961-1
SUSE-SU-2018_3032-1
SUSE-SU-2018_3032-2
SUSE-SU-2018_3100-1
SUSE-SU-2018_3158-1
SUSE-SU-2018_3159-1
SUSE-SU-2018_3171-1
SUSE-SU-2018_3172-1
SUSE-SU-2018_3173-1
SUSE-SU-2018_3238-1
SUSE-SU-2018_3272-1
SUSE-SU-2018_3331-1
SUSE-SU-2018_3961-1
SUSE-SU-2019:0095-1
SUSE-SU-2019_0095-1
USN-3776-1
USN-3776-2
USN-3777-1
USN-3777-2
USN-3777-3

Affected Products

Alt Linux
Linux Kernel
Suse
Ubuntu