CVE-2018-6559

Published: 18 October 2018

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.

From the Ubuntu security team

Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names).

Priority

Low

CVSS 3 base score: 3.3

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(Ubuntu specific)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-42.45)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.2.0-16.19)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.11.0-12.19)
Patches:
Introduced by local-2018-6559-break
Fixed by local-2015-1328-fix|local-2018-6559-fix
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1029.30)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1001.10)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-1002.2)
linux-aws-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.15.0-1030.31~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-azure
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1035.36)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.15.0-1035.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (4.15.0-1035.36~14.04.2)
linux-azure-edge
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1035.36)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.15.0-1035.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-euclid
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(was needs-triage ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-gcp
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1025.26)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.15.0-1025.26~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gcp-edge
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-1004.5~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-13.14~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.15.0-42.45~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.18.0-12.13~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (4.15.0-42.45~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-kvm
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1027.27)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1004.9)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-wily
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [out of standard support])
linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-13.29~14.04.1)
linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored [abandoned])
linux-oem
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1028.33)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(was needs-triage now end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(4.15.0-1007.9)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.15.0-1007.9~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4.15.0-1029.31)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.2.0-1013.19)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.12~rc2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(4.4.0-1012.12)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
tyhicks
This CVE is specific to Ubuntu since Ubuntu allows overlayfs mounts
inside of user namespaces
This flaw was previously discovered and fixed as part of
CVE-2015-1328. The fix for CVE-2015-1328 was incorrectly dropped from the
Ubuntu kernel during a merge with related changes in the upstream Linux
kernel. CVE-2018-6559 represents the portion of CVE-2015-1328 that was
incorrectly reintroduced into the Ubuntu kernel.

References

Bugs