1. Home
  2. Vulnerabilities
  3. CVE-2018-18281

CVE-2018-18281

CVSS v3.0 7.8 (High)
78% Progress
CVSS v2.0 4.6 (Medium)
46% Progress
EPSS 0.11 % (45th)
0.11% Progress
Affected Products 3
Advisories 27
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.

Weaknesses
CWE-459
Incomplete Cleanup
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-10-30 18:29:00
(5 years ago)
Updated Date
2020-08-24 17:37:01
(4 years ago)

Affected Products

Canonical

Debian

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 3.2 version and prior 4.9.135 version cpe:2.3:o:linux:linux_kernel >= 3.2 < 4.9.135
  Linux Kernel from 4.9.136 version and prior 4.14.78 version cpe:2.3:o:linux:linux_kernel >= 4.9.136 < 4.14.78
  Linux Kernel from 4.14.79 version and prior 4.18.16 version cpe:2.3:o:linux:linux_kernel >= 4.14.79 < 4.18.16
  Linux Kernel from 4.18.17 version and prior 4.19 version cpe:2.3:o:linux:linux_kernel >= 4.18.17 < 4.19

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 18.10 cpe:2.3:o:canonical:ubuntu_linux:18.10

Configuration #3

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0