CVE-2018-17182 — HIGH (7.8)

Q: How severe is CVE-2018-17182?

CVE-2018-17182 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-17182?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Netapp Active Iq Performance Analytics Services, Netapp Element Software.

Vulnerability Description

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.16, < 3.16.58
Canonical	Ubuntu Linux	14.04
Debian	Debian Linux	8.0
Netapp	Active Iq Performance Analytics Services	-
Netapp	Element Software	-

Related Weaknesses (CWE)

CWE-416

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdePatchThird Party Advisory
http://www.securityfocus.com/bid/105417Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/106503Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041748PatchThird Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:3656Third Party Advisory
https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339bPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.htmlThird Party Advisory
https://security.netapp.com/advisory/ntap-20190204-0001/PatchThird Party Advisory
https://usn.ubuntu.com/3776-1/Third Party Advisory
https://usn.ubuntu.com/3776-2/Third Party Advisory
https://usn.ubuntu.com/3777-1/Third Party Advisory
https://usn.ubuntu.com/3777-2/Third Party Advisory
https://usn.ubuntu.com/3777-3/Third Party Advisory
https://www.debian.org/security/2018/dsa-4308Third Party Advisory
https://www.exploit-db.com/exploits/45497/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-17182?

CVE-2018-17182 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibl...

How severe is CVE-2018-17182?

CVE-2018-17182 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-17182?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Netapp Active Iq Performance Analytics Services, Netapp Element Software.