CVE-2018-20511
Published: 27 December 2018
An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
From the Ubuntu Security Team
It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information.
Notes
| Author | Note |
|---|---|
| tyhicks | An attacker needs root privileges (the CAP_NET_ADMIN capability) to leverage this flaw. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(4.19~rc5)
|
| trusty |
Released
(4.4.0-1034.37)
|
|
| xenial |
Released
(4.4.0-1072.82)
|
|
| bionic |
Released
(4.15.0-1047.49)
|
|
| cosmic |
Not vulnerable
(4.18.0-1002.3)
|
|
| disco |
Not vulnerable
(4.18.0-1002.3)
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(end of standard support)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1011.11~18.04.1)
|
| cosmic |
Not vulnerable
(4.18.0-1003.3)
|
|
| disco |
Not vulnerable
(4.18.0-1003.3)
|
|
| trusty |
Ignored
(was needed ESM criteria)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-1055.60)
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(4.19~rc5)
|
| trusty |
Does not exist
|
|
| xenial |
Released
(4.15.0-1047.49~16.04.1)
|
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-58.64)
|
| cosmic |
Not vulnerable
(4.18.0-9.10)
|
|
| disco |
Not vulnerable
(4.18.0-10.11)
|
|
| trusty |
Ignored
(was needed ESM criteria)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.4.0-139.165)
|
|
|
Patches: Introduced by 5615968a70845157adaffc11062c997d045339ee |
||
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1011.11~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-1055.60)
|
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(was needs-triage ESM criteria)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
| cosmic |
Not vulnerable
(4.18.0-1002.3)
|
|
| disco |
Not vulnerable
(4.18.0-1002.3)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-1040.42~16.04.1)
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1040.42)
|
| disco |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
| disco |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(end of life)
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-13.14~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-58.64~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-15.16~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-58.64~16.04.1)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1042.42)
|
| cosmic |
Not vulnerable
(4.18.0-1003.3)
|
|
| disco |
Not vulnerable
(4.18.0-1003.3)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.4.0-1037.43)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Ignored
(end of life, was ignored)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Ignored
(end of life, was ignored)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Ignored
(end of life, was ignored)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Released
(4.4.0-139.165~14.04.1)
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| trusty |
Does not exist
(trusty was ignored [abandoned])
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1050.57)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(4.15.0-1050.57)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1021.23)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(5.0.0-1004.8)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.15.0-1021.23~16.04.1)
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1043.46)
|
| cosmic |
Not vulnerable
(4.18.0-1005.7)
|
|
| disco |
Not vulnerable
(4.18.0-1005.7)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.4.0-1100.108)
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1060.66)
|
| cosmic |
Does not exist
|
|
| disco |
Not vulnerable
(5.0.0-1010.10)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.19~rc5)
|
|
| xenial |
Released
(4.4.0-1104.109)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20511
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9824dfae5741275473a23a7ed5756c7b6efacc9d
- http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html
- https://ubuntu.com/security/notices/USN-4094-1
- https://ubuntu.com/security/notices/USN-4118-1
- NVD
- Launchpad
- Debian