CVE-2018-18653

Published: 25 October 2018

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.

From the Ubuntu security team

Daniel Dadap discovered that the module loading implementation in the Linux kernel did not properly enforce signed module loading when booted with UEFI Secure Boot in some situations. A local privileged attacker could use this to execute untrusted code in the kernel.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.13.0-16.19)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.2.0-16.19)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Introduced by local-2018-18653-break
Fixed by local-2018-18653-fix
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1001.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1001.10)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-1002.2)
linux-aws-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.15.0-1030.31~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.11.0-1009.9)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.15.0-1023.24~14.04.1)
linux-azure-edge
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-1006.6~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.13.0-1003.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-euclid
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-gcp
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1001.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.10.0-1004.4)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-1004.5~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-13.14~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-13.14~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.2)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1004.9)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-wily
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-13.29~14.04.1)
linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-oem
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1002.3)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(was needs-triage now end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1007.9)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.15.0-1007.9~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.13.0-1005.5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.2.0-1013.19)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1012.12)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
sbeattie
from the commit addressing the issue:
Recent versions of the "secure boot lockdown" patches introduced
support for using IMA signatures for module signing instead of
the standard mechanism. This was causing issues and was removed,
but the code was missed which actually defers the verification to
IMA when IMA enforcement is enabled. With our config this means
that by default module signatures are not being enforced under
kernel lockdown.

References

Bugs