PT-2018-2961 · Linux+5 · Linux Kernel+5
Jann Horn
·
Published
2018-10-18
·
Updated
2020-08-24
·
CVE-2018-18281
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.9.135
Linux kernel versions prior to 4.14.78
Linux kernel versions prior to 4.18.16
Linux kernel versions prior to 4.19
Description
The issue arises from the mremap() syscall in the Linux kernel, which can lead to a stale TLB entry remaining for a short time after a physical page has been released and reused. This can permit access to the physical page. The problem is due to insufficient input validation in the implementation of the mremap() syscall.
Recommendations
For Linux kernel versions prior to 4.9.135, update to version 4.9.135 or later.
For Linux kernel versions prior to 4.14.78, update to version 4.14.78 or later.
For Linux kernel versions prior to 4.18.16, update to version 4.18.16 or later.
For Linux kernel versions prior to 4.19, update to version 4.19 or later.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu