CVE-2018-18653
Published: 25 October 2018
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.
From the Ubuntu Security Team
Daniel Dadap discovered that the module loading implementation in the Linux kernel did not properly enforce signed module loading when booted with UEFI Secure Boot in some situations. A local privileged attacker could use this to execute untrusted code in the kernel.
Notes
Author | Note |
---|---|
sbeattie | from the commit addressing the issue: Recent versions of the "secure boot lockdown" patches introduced support for using IMA signatures for module signing instead of the standard mechanism. This was causing issues and was removed, but the code was missed which actually defers the verification to IMA when IMA enforcement is enabled. With our config this means that by default module signatures are not being enforced under kernel lockdown. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
trusty |
Not vulnerable
(3.11.0-12.19)
|
|
xenial |
Not vulnerable
(4.2.0-16.19)
|
|
bionic |
Not vulnerable
(4.13.0-16.19)
|
|
cosmic |
Released
(4.18.0-12.13)
|
|
Patches: Introduced by Fixed by local-2018-18653-fix |
||
linux-flo Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
xenial |
Ignored
(abandoned)
|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
bionic |
Not vulnerable
(4.15.0-1001.1)
|
|
cosmic |
Released
(4.18.0-1006.7)
|
|
linux-azure Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
trusty |
Not vulnerable
(4.15.0-1023.24~14.04.1)
|
|
xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
bionic |
Not vulnerable
(4.15.0-1002.2)
|
|
cosmic |
Released
(4.18.0-1006.6)
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
trusty |
Does not exist
|
|
xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.12~rc2)
|
trusty |
Does not exist
|
|
xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
bionic |
Not vulnerable
(4.15.0-1007.9)
|
|
cosmic |
Not vulnerable
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-1006.6~18.04.1)
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Not vulnerable
(4.13.0-1003.3)
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Ignored
(was needs-triage ESM criteria)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
cosmic |
Released
(4.18.0-1004.5)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-1004.5~18.04.1)
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Ignored
(end of life)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-13.14~18.04.1)
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-13.14~18.04.1)
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
cosmic |
Released
(4.18.0-1005.5)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Does not exist
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Does not exist
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [end of standard support])
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Does not exist
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Does not exist
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.3)
|
cosmic |
Not vulnerable
(4.15.0-1004.5)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-1005.5)
|
cosmic |
Released
(4.18.0-1007.9)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
cosmic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.6.12~rc2)
|
|
xenial |
Not vulnerable
(4.4.0-1012.12)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |