CVE-2018-18397

Impact:
Moderate
Public Date:
2018-11-26
CWE:
CWE-20
Bugzilla:
1641548: CVE-2018-18397 kernel: userfaultfd bypasses tmpfs file permissions
A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege escalation but the impact of modifications on these filesystems of files in production systems may have adverse affects.

Find out more about CVE-2018-18397 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 6.1
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact High
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (kernel) RHSA-2019:0163 2019-01-29
Red Hat Enterprise Linux Extended Update Support 7.5 (kernel) RHSA-2019:0202 2019-01-29
Red Hat Enterprise Linux Extended Update Support 7.4 (kernel) RHSA-2019:0324 2019-02-12
Red Hat Enterprise Linux 7 (kernel-alt) RHSA-2019:0831 2019-04-23

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 kernel-rt Not affected
Red Hat Enterprise Linux 8 kernel Not affected
Red Hat Enterprise Linux 8 kernel-rt Not affected
Red Hat Enterprise Linux 7 kernel-rt Not affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected
Last Modified