Linux Kernel Security Updates Released

Security updates have been released for the stable Linux kernel to address a virtual memory management vulnerability. An attacker could exploit this vulnerability to gain escalated privileges on the targeted system.

Threat ID:: CC-2697
Category:
Threat Severity:: Low
Threat Vector:
Published:: 2 October 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Affected platforms

The following platforms are known to be affected:

Linux kernel

Linux Kernel - Versions 3.16 to 4.18.9

Threat details

The vulnerability is a cache invalidation flaw in the vmacache flush all function in mm/vmacache.c mishandles sequence number overflows. An attacker could potentially trigger a use-after-free attack to gain full root privileges.

A researcher at Project Zero has published the proof of concept to highlight the delay in the upstream fix being published to the time the fix actually becomes available to users.

For further information:

Remediation advice

Users and administrators are encouraged to review the Linux kernel commit page and apply the necessary updates. Further guidance can be found at the following vendor security pages:

Remediation steps

Type	Step
	Canonical Ubuntu Security Advisory Debian Security Tracker Red Hat Security Advisory 1631205

CVE Vulnerabilities

Status

CVE-2018-17182

Last edited: 17 February 2020 12:47 pm