TROYANOSYVIRUS
Back to CVEs

CVE-2018-18281

N/A

Description

Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.

CVE Details

CVSS v3.1 ScoreN/A
Published10/30/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

canonical:ubuntu_linuxdebian:debian_linuxlinux:linux_kernel

Weaknesses (CWE)

CWE-459

References

http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2018/10/29/5(cve@mitre.org)
http://www.securityfocus.com/bid/105761(cve@mitre.org)
http://www.securityfocus.com/bid/106503(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:0831(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:2029(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2019:2043(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0036(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0100(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0103(cve@mitre.org)
https://access.redhat.com/errata/RHSA-2020:0179(cve@mitre.org)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1695(cve@mitre.org)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78(cve@mitre.org)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.16(cve@mitre.org)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135(cve@mitre.org)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html(cve@mitre.org)
https://usn.ubuntu.com/3832-1/(cve@mitre.org)
https://usn.ubuntu.com/3835-1/(cve@mitre.org)
https://usn.ubuntu.com/3871-1/(cve@mitre.org)
https://usn.ubuntu.com/3871-3/(cve@mitre.org)
https://usn.ubuntu.com/3871-4/(cve@mitre.org)
https://usn.ubuntu.com/3871-5/(cve@mitre.org)
https://usn.ubuntu.com/3880-1/(cve@mitre.org)
https://usn.ubuntu.com/3880-2/(cve@mitre.org)
http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2018/10/29/5(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/105761(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/106503(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0831(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2029(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:2043(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0036(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0100(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0103(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0179(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1695(af854a3a-2127-422b-91ae-364da2661108)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78(af854a3a-2127-422b-91ae-364da2661108)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.16(af854a3a-2127-422b-91ae-364da2661108)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3832-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3835-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3871-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3871-3/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3871-4/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3871-5/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3880-1/(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3880-2/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.