CVE-2018-18397

Published: 12 December 2018

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.

From the Ubuntu security team

Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-46.49)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.2.0-16.19)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e
Fixed by 9e368259ad988356c4c95150fafd1a06af095d98
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e
Fixed by 5b51072e97d587186c2f5390c8c9c1fb7e179505
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e
Fixed by 29ec90660d68bbdd69507c1c8b4e33aa299278b1
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e
Fixed by e2a50c1f64145a04959df2442305d57307e5395a
Introduced by 4c27fe4c4c84f3afd504ecff2420cc1ad420d38e
Fixed by dcf7fe9d89763a28e0f43975b422ff141fe79e43
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1033.35)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1001.10)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-1002.2)
linux-aws-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.15.0-1033.35~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.18.0-1013.13~18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.15.0-1040.44)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.15.0-1040.44~14.04.1)
linux-azure-edge
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.18.0-1013.13~18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.15.0-1040.44)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-euclid
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-gcp
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1028.29)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.15.0-1028.29~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.18.0-1007.8~18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.18.0-16.17~18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.15.0-46.49~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(5.0.0-8.9~18.04.1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.15.0-46.49~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1030.30)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1004.9)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-wily
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-13.29~14.04.1)
linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-oem
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1034.39)
Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(was needs-triage now end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1009.11)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.15.0-1009.11~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1032.34)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.2.0-1013.19)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (4.20~rc5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1012.12)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist