1. Home
  2. Vulnerabilities
  3. CVE-2018-8781

CVE-2018-8781

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.04 % (11th)
0.04% Progress
Affected Products 6
Advisories 67
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.

Weaknesses
CWE-190
Integer Overflow or Wraparound
CVE Status
PUBLISHED
CNA
Check Point Software Technologies Ltd.
Published Date
2018-04-23 19:29:00
(6 years ago)
Updated Date
2023-03-03 19:22:20
(18 months ago)

Affected Products

Canonical

Debian

Linux

Redhat

Configuration #1

    CPE23 From Up To
  Linux Kernel from 3.4 version and prior 3.16.57 version cpe:2.3:o:linux:linux_kernel >= 3.4 < 3.16.57
  Linux Kernel from 3.17 version and prior 3.18.103 version cpe:2.3:o:linux:linux_kernel >= 3.17 < 3.18.103
  Linux Kernel from 3.19 version and prior 4.1.52 version cpe:2.3:o:linux:linux_kernel >= 3.19 < 4.1.52
  Linux Kernel from 4.2 version and prior 4.4.125 version cpe:2.3:o:linux:linux_kernel >= 4.2 < 4.4.125
  Linux Kernel from 4.5 version and prior 4.9.91 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.91
  Linux Kernel from 4.10 version and prior 4.14.31 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.31
  Linux Kernel from 4.15 version and prior 4.15.14 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.15.14

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 17.10 cpe:2.3:o:canonical:ubuntu_linux:17.10

Configuration #3

    CPE23 From Up To
  Debian Linux 7.0 cpe:2.3:o:debian:debian_linux:7.0
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0

Configuration #4

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 7.0 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  Redhat Enterprise Linux Server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0
  Redhat Enterprise Linux Workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0