Skip to main content

Linux MMap Vulnerability

A vulnerability in the Linux operating system kernel mmap system call could allow a local user execute arbitrary code within the kernel space. This could be exploited by an attacker to cause a local privilege escalation.
Threat ID:
CC-2338
Category:
Exploit
Threat Severity:
Low
Threat Vector:
Published:
3 May 2018 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A vulnerability in the Linux operating system kernel mmap system call could allow a local user execute arbitrary code within the kernel space. This could be exploited by an attacker to cause a local privilege escalation.

Affected platforms

The following platforms are known to be affected:

Linux kernel

  • Linux Kernel - Version 4.16-rc3 and prior

Threat details

The url-fb-mmap call function that exists within the drivers/gpu/drm/udl/udl_fb.c directory can be forced into an integer overflow condition using unsigned integer offsets.

For further information:

Remediation steps

Type Step
An update to the Linux kernel was issued on 21/03/2018 to rectify this vulnerability. Most major Linux distributions have now integrated this new kernel version and users should update their vulnerable systems immediately.

CVE Vulnerabilities

Status

CVE-2018-8781

Last edited: 17 February 2020 12:47 pm