Vulnerability-Lookup

CVE-2018-18955 (GCVE-0-2018-18955)

Vulnerability from cvelistv5 – Published: 2018-11-16 20:00 – Updated: 2024-08-05 11:23

Summary

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/torvalds/linux/commit/d2f007db…	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v4.x/Chan…	x_refsource_MISC
	https://usn.ubuntu.com/3836-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/3835-1/	vendor-advisoryx_refsource_UBUNTU
	https://bugs.chromium.org/p/project-zero/issues/d…	x_refsource_MISC
	http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_MISC
	https://usn.ubuntu.com/3833-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/3832-1/	vendor-advisoryx_refsource_UBUNTU
	https://www.exploit-db.com/exploits/45915/	exploitx_refsource_EXPLOIT-DB
	https://cdn.kernel.org/pub/linux/kernel/v4.x/Chan…	x_refsource_MISC
	https://www.exploit-db.com/exploits/45886/	exploitx_refsource_EXPLOIT-DB
	https://usn.ubuntu.com/3836-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/bid/105941	vdb-entryx_refsource_BID
	https://support.f5.com/csp/article/K39103040	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2019041…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:23:08.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19"
          },
          {
            "name": "USN-3836-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3836-2/"
          },
          {
            "name": "USN-3835-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3835-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
          },
          {
            "name": "USN-3833-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3833-1/"
          },
          {
            "name": "USN-3832-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3832-1/"
          },
          {
            "name": "45915",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45915/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2"
          },
          {
            "name": "45886",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45886/"
          },
          {
            "name": "USN-3836-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3836-1/"
          },
          {
            "name": "105941",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105941"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K39103040"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190416-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-11-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-16T05:06:03.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19"
        },
        {
          "name": "USN-3836-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3836-2/"
        },
        {
          "name": "USN-3835-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3835-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
        },
        {
          "name": "USN-3833-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3833-1/"
        },
        {
          "name": "USN-3832-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3832-1/"
        },
        {
          "name": "45915",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45915/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2"
        },
        {
          "name": "45886",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45886/"
        },
        {
          "name": "USN-3836-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3836-1/"
        },
        {
          "name": "105941",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105941"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K39103040"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190416-0003/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-18955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19"
            },
            {
              "name": "USN-3836-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3836-2/"
            },
            {
              "name": "USN-3835-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3835-1/"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
            },
            {
              "name": "USN-3833-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3833-1/"
            },
            {
              "name": "USN-3832-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3832-1/"
            },
            {
              "name": "45915",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45915/"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2"
            },
            {
              "name": "45886",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45886/"
            },
            {
              "name": "USN-3836-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3836-1/"
            },
            {
              "name": "105941",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105941"
            },
            {
              "name": "https://support.f5.com/csp/article/K39103040",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K39103040"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190416-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190416-0003/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-18955",
    "datePublished": "2018-11-16T20:00:00.000Z",
    "dateReserved": "2018-11-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T11:23:08.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2018-18955

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-18955

Aliases

CVE-2018-18955

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-18955",
    "description": "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.",
    "id": "GSD-2018-18955",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-18955.html",
      "https://ubuntu.com/security/CVE-2018-18955",
      "https://packetstormsecurity.com/files/cve/CVE-2018-18955"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-18955"
      ],
      "details": "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.",
      "id": "GSD-2018-18955",
      "modified": "2023-12-13T01:22:36.561740Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-18955",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd",
            "refsource": "MISC",
            "url": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
          },
          {
            "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19",
            "refsource": "MISC",
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19"
          },
          {
            "name": "USN-3836-2",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3836-2/"
          },
          {
            "name": "USN-3835-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3835-1/"
          },
          {
            "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712",
            "refsource": "MISC",
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712"
          },
          {
            "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd",
            "refsource": "MISC",
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
          },
          {
            "name": "USN-3833-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3833-1/"
          },
          {
            "name": "USN-3832-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3832-1/"
          },
          {
            "name": "45915",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45915/"
          },
          {
            "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2",
            "refsource": "MISC",
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2"
          },
          {
            "name": "45886",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45886/"
          },
          {
            "name": "USN-3836-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3836-1/"
          },
          {
            "name": "105941",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105941"
          },
          {
            "name": "https://support.f5.com/csp/article/K39103040",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K39103040"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190416-0003/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190416-0003/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.19.2",
                "versionStartIncluding": "4.15",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-18955"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
            },
            {
              "name": "105941",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105941"
            },
            {
              "name": "45886",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45886/"
            },
            {
              "name": "USN-3833-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3833-1/"
            },
            {
              "name": "USN-3832-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3832-1/"
            },
            {
              "name": "45915",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45915/"
            },
            {
              "name": "USN-3836-2",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3836-2/"
            },
            {
              "name": "USN-3836-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3836-1/"
            },
            {
              "name": "USN-3835-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3835-1/"
            },
            {
              "name": "https://support.f5.com/csp/article/K39103040",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.f5.com/csp/article/K39103040"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190416-0003/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20190416-0003/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2018-11-16T20:29Z"
    }
  }
}

CERTFR-2018-AVI-583

Vulnerability from certfr_avis - Published: 2018-12-04 - Updated: 2018-12-04

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.04 LTS
Ubuntu	Ubuntu	Ubuntu 18.10

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-3836-2 du 4 décembre 2018	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3836-1 du 3 décembre 2018	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3835-1 du 3 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-18955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18955"
    },
    {
      "name": "CVE-2018-6559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6559"
    },
    {
      "name": "CVE-2018-18653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18653"
    },
    {
      "name": "CVE-2018-18281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18281"
    },
    {
      "name": "CVE-2018-17972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
    },
    {
      "name": "CVE-2018-18445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18445"
    }
  ],
  "initial_release_date": "2018-12-04T00:00:00",
  "last_revision_date": "2018-12-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-583",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3836-2 du 4 d\u00e9cembre 2018",
      "url": "https://usn.ubuntu.com/3836-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3836-1 du 3 d\u00e9cembre 2018",
      "url": "https://usn.ubuntu.com/3836-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3835-1 du 3 d\u00e9cembre 2018",
      "url": "https://usn.ubuntu.com/3835-1/"
    }
  ]
}

CERTFR-2018-AVI-581

Vulnerability from certfr_avis - Published: 2018-12-03 - Updated: 2018-12-03

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Ubuntu	Ubuntu	Ubuntu 18.04 LTS
	Ubuntu	Ubuntu	Ubuntu 18.10

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-3833-1 du 30 novembre 2018	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3832-1 du 30 novembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 18.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 18.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-18955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18955"
    },
    {
      "name": "CVE-2018-6559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6559"
    },
    {
      "name": "CVE-2018-18653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18653"
    },
    {
      "name": "CVE-2018-18281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18281"
    },
    {
      "name": "CVE-2018-17972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
    },
    {
      "name": "CVE-2018-18445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18445"
    }
  ],
  "initial_release_date": "2018-12-03T00:00:00",
  "last_revision_date": "2018-12-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-581",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3833-1 du 30 novembre 2018",
      "url": "https://usn.ubuntu.com/3833-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3832-1 du 30 novembre 2018",
      "url": "https://usn.ubuntu.com/3832-1/"
    }
  ]
}

FKIE_CVE-2018-18955

Vulnerability from fkie_nvd - Published: 2018-11-16 20:29 - Updated: 2024-11-21 03:56

Severity ?

7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/105941	Third Party Advisory, VDB Entry
cve@mitre.org	https://bugs.chromium.org/p/project-zero/issues/detail?id=1712	Patch, Third Party Advisory
cve@mitre.org	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19	Patch, Vendor Advisory
cve@mitre.org	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2	Patch, Vendor Advisory
cve@mitre.org	https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd	Patch, Vendor Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20190416-0003/
cve@mitre.org	https://support.f5.com/csp/article/K39103040
cve@mitre.org	https://usn.ubuntu.com/3832-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3833-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3835-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3836-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/3836-2/	Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/45886/	Exploit, Patch, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.exploit-db.com/exploits/45915/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105941	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugs.chromium.org/p/project-zero/issues/detail?id=1712	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20190416-0003/
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K39103040
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3832-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3833-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3835-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3836-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3836-2/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45886/	Exploit, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45915/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6572A2C1-2389-4DD6-A22F-40A8F0835AAB",
              "versionEndExcluding": "4.19.2",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, de las versiones 4.15.x hasta las 4.19.x anteriores a la 4.19.2, map_write() en kernel/user_namespace.c permite el escalado de privilegios debido a que gestiona incorrectamente los espacios de nombre de usuario anidados con m\u00e1s de 5 rangos UID o GID. Un usuario que tenga CAP_SYS_ADMIN en un espacio de nombre de usuario afectado puede omitir los controles de acceso en los recursos fuera del espacio de nombre, tal y como queda demostrado con la lectura de /etc/shadow. Esto ocurre debido a que una transformaci\u00f3n ID ocurre correctamente para la direcci\u00f3n namespaced-to-kernel, pero no para la direcci\u00f3n kernel-to-namespaced."
    }
  ],
  "id": "CVE-2018-18955",
  "lastModified": "2024-11-21T03:56:56.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-16T20:29:00.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105941"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20190416-0003/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.f5.com/csp/article/K39103040"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3832-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3833-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3835-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3836-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3836-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45886/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45915/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20190416-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/csp/article/K39103040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3832-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3833-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3835-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3836-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3836-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45886/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45915/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-06579

Vulnerability from cnvd - Published: 2019-03-08

Title

Linux Kernel本地权限提升漏洞（CNVD-2019-06579）

Description

Linux是一款开放源代码的操作系统，是一类Unix计算机操作系统的统称。 Linux Kernel存在本地权限提升漏洞。攻击者可利用该漏洞获取权限。

Severity

中

Patch Name

Linux Kernel本地权限提升漏洞（CNVD-2019-06579）的补丁

Patch Description

Linux是一款开放源代码的操作系统，是一类Unix计算机操作系统的统称。 Linux Kernel存在本地权限提升漏洞。攻击者可利用该漏洞获取权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd

Reference

https://www.exploit-db.com/exploits/45886

Impacted products

Name
Linux Kernel

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105941"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-18955"
    }
  },
  "description": "Linux\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u4e00\u7c7bUnix\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u7edf\u79f0\u3002\n\nLinux Kernel\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002",
  "discovererName": "Jann Horn",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-06579",
  "openTime": "2019-03-08",
  "patchDescription": "Linux\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u4e00\u7c7bUnix\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u7edf\u79f0\u3002\r\n\r\nLinux Kernel\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux Kernel\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2019-06579\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Kernel"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/45886",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-19",
  "title": "Linux Kernel\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2019-06579\uff09"
}

CVE-2018-18955

Vulnerability from fstec - Published: 07.11.2018

Title

Уязвимость функции map_write() ("kernel/user_namespace.c") ядра операционной системы Linux, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Description

Уязвимость функции map_write() ("kernel/user_namespace.c") ядра операционной системы Linux связана с неправильной авторизацией. Эксплуатация уязвимости может позволить нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Linux

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), от 4.15 до 4.18.18 включительно (Linux), от 4.19.0 до 4.19.1 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2 Для Debian: https://security-tracker.debian.org/tracker/CVE-2018-18955 Для Astra Linux: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd http://www.securityfocus.com/bid/105941 https://bugs.chromium.org/p/project-zero/issues/detail?id=1712 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18955 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2 https://launchpad.net/bugs/1801924 https://nvd.nist.gov/vuln/detail/CVE-2018-18955 https://security.netapp.com/advisory/ntap-20190416-0003/ https://security-tracker.debian.org/tracker/CVE-2018-18955 https://support.f5.com/csp/article/K39103040 https://ubuntu.com/security/notices/USN-3832-1 https://ubuntu.com/security/notices/USN-3833-1 https://ubuntu.com/security/notices/USN-3835-1 https://ubuntu.com/security/notices/USN-3836-1 https://ubuntu.com/security/notices/USN-3836-2 https://usn.ubuntu.com/3832-1/ https://usn.ubuntu.com/3833-1/ https://usn.ubuntu.com/3835-1/ https://usn.ubuntu.com/3836-1/ https://usn.ubuntu.com/3836-2/ https://usn.ubuntu.com/usn/usn-3832-1 https://usn.ubuntu.com/usn/usn-3833-1 https://usn.ubuntu.com/usn/usn-3835-1 https://usn.ubuntu.com/usn/usn-3836-1 https://usn.ubuntu.com/usn/usn-3836-2 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.cve.org/CVERecord?id=CVE-2018-18955 https://www.exploit-db.com/exploits/45886 https://www.exploit-db.com/exploits/45886/ https://www.exploit-db.com/exploits/45915 https://www.exploit-db.com/exploits/45915/

CWE

CWE-20, CWE-863

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), \u043e\u0442 4.15 \u0434\u043e 4.18.18 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.19.0 \u0434\u043e 4.19.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2018-18955\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.11.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.02.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00432",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-18955",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 map_write() (\u0026quot;kernel/user_namespace.c\u0026quot;) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 map_write() (\u0026quot;kernel/user_namespace.c\u0026quot;) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0438\u0445 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd\nhttp://www.securityfocus.com/bid/105941\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1712\nhttps://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19\nhttps://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18955\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd\nhttps://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2\nhttps://launchpad.net/bugs/1801924\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18955\nhttps://security.netapp.com/advisory/ntap-20190416-0003/\nhttps://security-tracker.debian.org/tracker/CVE-2018-18955\nhttps://support.f5.com/csp/article/K39103040\nhttps://ubuntu.com/security/notices/USN-3832-1\nhttps://ubuntu.com/security/notices/USN-3833-1\nhttps://ubuntu.com/security/notices/USN-3835-1\nhttps://ubuntu.com/security/notices/USN-3836-1\nhttps://ubuntu.com/security/notices/USN-3836-2\nhttps://usn.ubuntu.com/3832-1/\nhttps://usn.ubuntu.com/3833-1/\nhttps://usn.ubuntu.com/3835-1/\nhttps://usn.ubuntu.com/3836-1/\nhttps://usn.ubuntu.com/3836-2/\nhttps://usn.ubuntu.com/usn/usn-3832-1\nhttps://usn.ubuntu.com/usn/usn-3833-1\nhttps://usn.ubuntu.com/usn/usn-3835-1\nhttps://usn.ubuntu.com/usn/usn-3836-1\nhttps://usn.ubuntu.com/usn/usn-3836-2\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.cve.org/CVERecord?id=CVE-2018-18955\nhttps://www.exploit-db.com/exploits/45886\nhttps://www.exploit-db.com/exploits/45886/\nhttps://www.exploit-db.com/exploits/45915\nhttps://www.exploit-db.com/exploits/45915/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-863",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7)"
}

GHSA-C6XJ-3C77-G5RG

Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19

Details

Severity ?

7.0 (High)


                  
                    CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-18955"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-16T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.",
  "id": "GHSA-c6xj-3c77-g5rg",
  "modified": "2022-05-13T01:19:42Z",
  "published": "2022-05-13T01:19:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18955"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1712"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190416-0003"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K39103040"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3832-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3833-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3835-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3836-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3836-2"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45886"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45915"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105941"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-18955 (GCVE-0-2018-18955)

GSD-2018-18955

CERTFR-2018-AVI-583

Solution

CERTFR-2018-AVI-581

Solution

FKIE_CVE-2018-18955

CNVD-2019-06579

CVE-2018-18955

GHSA-C6XJ-3C77-G5RG

Tags

Sightings

Nomenclature