Oval Definition:oval:com.ubuntu.bionic:def:201817182000
Revision Date:2018-09-19Version:1
Title:CVE-2018-17182 on Ubuntu 18.04 LTS (bionic) - high.
Description:An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-17182
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND Package Information
  • The 'linux' package in bionic was vulnerable but has been fixed (note: '4.15.0-36.39').
  • OR The 'linux-aws' package in bionic was vulnerable but has been fixed (note: '4.15.0-1023.23').
  • OR The 'linux-azure' package in bionic was vulnerable but has been fixed (note: '4.15.0-1025.26').
  • OR NOT While related to the CVE in some way, the 'linux-azure-edge' package in bionic is not affected (note: '4.18.0-1004.4~18.04.1').
  • OR The 'linux-gcp' package in bionic was vulnerable but has been fixed (note: '4.15.0-1021.22').
  • OR NOT While related to the CVE in some way, the 'linux-hwe' package in bionic is not affected.
  • OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '4.18.0-11.12~18.04.1').
  • OR The 'linux-kvm' package in bionic was vulnerable but has been fixed (note: '4.15.0-1023.23').
  • OR The 'linux-oem' package in bionic was vulnerable but has been fixed (note: '4.15.0-1021.24').
  • OR The 'linux-raspi2' package in bionic was vulnerable but has been fixed (note: '4.15.0-1024.26').
    • BACK