CVE-2018-20511
Published: 27 December 2018
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
From the Ubuntu Security Team
It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information.
Notes
| Author | Note |
|---|---|
| tyhicks | An attacker needs root privileges (the CAP_NET_ADMIN capability) to leverage this flaw. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-58.64)
|
| cosmic |
Not vulnerable
(4.18.0-9.10)
|
|
| disco |
Not vulnerable
(4.18.0-10.11)
|
|
| precise |
Ignored
(was needs-triage ESM criteria)
|
|
| trusty |
Ignored
(was needed ESM criteria)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.4.0-139.165)
|
|
|
Patches: Introduced by 5615968a70845157adaffc11062c997d045339ee |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1047.49)
|
| cosmic |
Not vulnerable
(4.18.0-1002.3)
|
|
| disco |
Not vulnerable
(4.18.0-1002.3)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.4.0-1034.37)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.4.0-1072.82)
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-1047.49~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1011.11~18.04.1)
|
| cosmic |
Not vulnerable
(4.18.0-1003.3)
|
|
| disco |
Not vulnerable
(4.18.0-1003.3)
|
|
| precise |
Does not exist
|
|
| trusty |
Ignored
(was needed ESM criteria)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-1055.60)
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1011.11~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-1055.60)
|
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
| cosmic |
Not vulnerable
(4.18.0-1002.3)
|
|
| disco |
Not vulnerable
(4.18.0-1002.3)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-1040.42~16.04.1)
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(end-of-life)
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(end-of-life)
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-13.14~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-58.64~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-15.16~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-58.64~16.04.1)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1042.42)
|
| cosmic |
Not vulnerable
(4.18.0-1003.3)
|
|
| disco |
Not vulnerable
(4.18.0-1003.3)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.4.0-1037.43)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Ignored
(was needs-triage ESM criteria)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [end-of-life])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [end-of-life])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [end-of-life])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.4.0-139.165~14.04.1)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1050.57)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Released
(4.15.0-1050.57)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1021.23)
|
| cosmic |
Ignored
(reached end-of-life)
|
|
| disco |
Released
(5.0.0-1004.8)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-1021.23~16.04.1)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1043.46)
|
| cosmic |
Not vulnerable
(4.18.0-1005.7)
|
|
| disco |
Not vulnerable
(4.18.0-1005.7)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.4.0-1100.108)
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1060.66)
|
| cosmic |
Does not exist
|
|
| disco |
Not vulnerable
(5.0.0-1010.10)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.4.0-1104.109)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20511
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9824dfae5741275473a23a7ed5756c7b6efacc9d
- http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html
- https://ubuntu.com/security/notices/USN-4094-1
- https://ubuntu.com/security/notices/USN-4118-1
- NVD
- Launchpad
- Debian