VIR Vulnerability Intelligence Relay

CVE-2018-18397

unknown
Published — · Modified —
CVSS v3
VIR risk

Description

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact
OSVersionStatusFixed in
suse slesaffected
debian debianbookwormfixed4.19.9-1
debian debianbullseyefixed4.19.9-1
debian debianforkyfixed4.19.9-1
debian debiansidfixed4.19.9-1
debian debiantrixiefixed4.19.9-1

References

💬 Discuss CVE-2018-18397 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.