CVE-2018-18281

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.

References

http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html

http://www.openwall.com/lists/oss-security/2018/10/29/5

http://www.securityfocus.com/bid/105761

http://www.securityfocus.com/bid/106503

https://access.redhat.com/errata/RHSA-2019:0831

https://access.redhat.com/errata/RHSA-2019:2029

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2020:0036

https://access.redhat.com/errata/RHSA-2020:0100

https://access.redhat.com/errata/RHSA-2020:0103

https://access.redhat.com/errata/RHSA-2020:0179

https://bugs.chromium.org/p/project-zero/issues/detail?id=1695

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.16

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://usn.ubuntu.com/3832-1/

https://usn.ubuntu.com/3835-1/

https://usn.ubuntu.com/3871-1/

https://usn.ubuntu.com/3871-3/

https://usn.ubuntu.com/3871-4/

https://usn.ubuntu.com/3871-5/

https://usn.ubuntu.com/3880-1/

https://usn.ubuntu.com/3880-2/

Details

Source: MITRE

Published: 2018-10-30

Updated: 2020-08-24

Type: CWE-459

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (46 total)

IDNameProductFamilySeverity
137217OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0020) (Stack Clash)NessusOracleVM Local Security Checks
critical
137173Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5708)NessusOracle Linux Local Security Checks
critical
137172Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5706)NessusOracle Linux Local Security Checks
medium
133164RHEL 7 : kernel (RHSA-2020:0179)NessusRed Hat Local Security Checks
high
132947RHEL 6 : kernel-rt (RHSA-2020:0100)NessusRed Hat Local Security Checks
high
132886RHEL 7 : kernel (RHSA-2020:0103)NessusRed Hat Local Security Checks
high
132700RHEL 7 : kernel (RHSA-2020:0036)NessusRed Hat Local Security Checks
critical
132495NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)NessusNewStart CGSL Local Security Checks
high
132474NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)NessusNewStart CGSL Local Security Checks
high
129920NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)NessusNewStart CGSL Local Security Checks
medium
129900NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)NessusNewStart CGSL Local Security Checks
medium
128651CentOS 7 : kernel (CESA-2019:2029)NessusCentOS Local Security Checks
medium
128226Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
medium
127655RHEL 7 : kernel-rt (RHSA-2019:2043)NessusRed Hat Local Security Checks
medium
127650RHEL 7 : kernel (RHSA-2019:2029)NessusRed Hat Local Security Checks
medium
125283SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusSuSE Local Security Checks
high
124975EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1522)NessusHuawei Local Security Checks
high
124834EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512)NessusHuawei Local Security Checks
high
124257RHEL 7 : kernel-alt (RHSA-2019:0831)NessusRed Hat Local Security Checks
high
123721EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)NessusHuawei Local Security Checks
high
123712EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)NessusHuawei Local Security Checks
high
123605EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1131)NessusHuawei Local Security Checks
medium
123420Debian DLA-1731-2 : linux regression update (Spectre)NessusDebian Local Security Checks
medium
123397openSUSE Security Update : the Linux Kernel (openSUSE-2019-974)NessusSuSE Local Security Checks
high
123121EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1108)NessusHuawei Local Security Checks
medium
122879Debian DLA-1715-1 : linux-4.9 security update (Spectre)NessusDebian Local Security Checks
high
122699EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076)NessusHuawei Local Security Checks
high
122343SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)NessusSuSE Local Security Checks
high
122052Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : linux-azure vulnerabilities (USN-3871-5)NessusUbuntu Local Security Checks
high
121598Ubuntu 14.04 LTS : linux vulnerabilities (USN-3880-1)NessusUbuntu Local Security Checks
high
121594Ubuntu 16.04 LTS : linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities (USN-3871-4)NessusUbuntu Local Security Checks
high
121593Ubuntu 18.04 LTS : linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities (USN-3871-3)NessusUbuntu Local Security Checks
high
121592Ubuntu 18.04 LTS : Linux kernel regression (USN-3871-2)NessusUbuntu Local Security Checks
high
121571SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1)NessusSuSE Local Security Checks
high
121569SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre)NessusSuSE Local Security Checks
high
121505Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01)NessusSlackware Local Security Checks
high
121469Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3871-1)NessusUbuntu Local Security Checks
high
121468SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)NessusSuSE Local Security Checks
high
121208SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0095-1)NessusSuSE Local Security Checks
high
119708openSUSE Security Update : the Linux Kernel (openSUSE-2018-1548)NessusSuSE Local Security Checks
high
119647SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:4069-1)NessusSuSE Local Security Checks
high
119338Ubuntu 18.10 : linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3835-1)NessusUbuntu Local Security Checks
high
119302Ubuntu 18.10 : Linux kernel (AWS) vulnerabilities (USN-3832-1)NessusUbuntu Local Security Checks
high
119077openSUSE Security Update : the Linux Kernel (openSUSE-2018-1427)NessusSuSE Local Security Checks
high
118952SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3746-1)NessusSuSE Local Security Checks
high
118882SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3689-1)NessusSuSE Local Security Checks
high