Linux Kernel CVE-2018-18281 Local Security Bypass Vulnerability

Linux kernel is prone to a local security bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Linux Kernel 3.2 and above versions are vulnerable.

Information

Bugtraq ID: 105761
Class: Race Condition Error
CVE: CVE-2018-18281

Remote: No
Local: Yes
Published: Oct 30 2018 12:00AM
Updated: Apr 01 2019 06:00PM
Credit: JAnnh
Vulnerable: Redhat Enterprise Mrg 2
Redhat Enterprise Linux 7
Linux kernel 4.18.12
Linux kernel 4.18.11
Linux kernel 4.18.9
Linux kernel 4.18.6
Linux kernel 4.18.5
Linux kernel 4.14.71
Linux kernel 4.14.67
Linux kernel 4.14.31
Linux kernel 4.14.13
+ EnGarde Secure Linux 1.0.1
+ Immunix Immunix OS 7+
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ SuSE Linux 7.0
+ SuSE Linux 6.4
+ SuSE Linux 6.3
+ Trustix Secure Linux 1.5
Linux kernel 4.14.11
+ EnGarde Secure Linux 1.0.1
+ Immunix Immunix OS 7+
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ SuSE Linux 7.0
+ SuSE Linux 6.4
+ SuSE Linux 6.3
+ Trustix Secure Linux 1.5
Linux kernel 4.14.10
Linux kernel 4.14.6
Linux kernel 4.14.5
Linux kernel 4.14.1
Linux kernel 4.9.128
Linux kernel 4.9.91
Linux kernel 4.9.74
Linux kernel 4.9.71
Linux kernel 4.9.68
Linux kernel 4.9.36
Linux kernel 4.9.13
Linux kernel 4.9.8
Linux kernel 4.9.4
Linux kernel 4.9.3
Linux kernel 4.8.11
Linux kernel 4.4.125
Linux kernel 4.4.105
Linux kernel 4.4.27
Linux kernel 4.4.25
Linux kernel 4.4.24
+ SuSE Linux 7.2
Linux kernel 4.4.23
Linux kernel 4.4.22
Linux kernel 4.4.2
Linux kernel 4.2.3
Linux kernel 4.1.47
Linux kernel 4.1.4
Linux kernel 4.1.1
Linux kernel 4.0.6
Linux kernel 3.8.9
Linux kernel 3.8.6
Linux kernel 3.8.5
Linux kernel 3.8.4
Linux kernel 3.8.2
Linux kernel 3.8.1
Linux kernel 3.7.10
Linux kernel 3.7.9
Linux kernel 3.7.8
Linux kernel 3.7.7
Linux kernel 3.7.5
Linux kernel 3.7.4
Linux kernel 3.7.3
Linux kernel 3.7.2
Linux kernel 3.7.1
Linux kernel 3.6.11
Linux kernel 3.6.10
Linux kernel 3.6.9
Linux kernel 3.6.8
Linux kernel 3.6.7
Linux kernel 3.6.6
Linux kernel 3.6.5
Linux kernel 3.6.4
Linux kernel 3.6.3
Linux kernel 3.6.2
Linux kernel 3.6.1
Linux kernel 3.5.7
Linux kernel 3.5.6
Linux kernel 3.5.5
Linux kernel 3.5.4
Linux kernel 3.5.3
Linux kernel 3.5.2
Linux kernel 3.5.1
Linux kernel 3.4.88
Linux kernel 3.4.87
Linux kernel 3.4.86
Linux kernel 3.4.80
Linux kernel 3.4.76
Linux kernel 3.4.73
Linux kernel 3.4.72
Linux kernel 3.4.71
Linux kernel 3.4.64
Linux kernel 3.4.58
Linux kernel 3.4.42
Linux kernel 3.4.36
Linux kernel 3.4.32
Linux kernel 3.4.31
Linux kernel 3.4.27
Linux kernel 3.4.26
Linux kernel 3.4.25
Linux kernel 3.4.21
Linux kernel 3.4.20
Linux kernel 3.4.19
Linux kernel 3.4.18
Linux kernel 3.4.17
Linux kernel 3.4.16
Linux kernel 3.4.15
Linux kernel 3.4.14
Linux kernel 3.4.13
Linux kernel 3.4.12
Linux kernel 3.4.11
Linux kernel 3.4.10
Linux kernel 3.4.9
Linux kernel 3.4.8
Linux kernel 3.4.7
Linux kernel 3.4.6
Linux kernel 3.4.5
Linux kernel 3.4.4
Linux kernel 3.4.3
Linux kernel 3.4.2
Linux kernel 3.4.1
Linux kernel 3.3.5
Linux kernel 3.3.4
Linux kernel 3.3.2
Linux kernel 3.2.82
Linux kernel 3.2.72
Linux kernel 3.2.62
Linux kernel 3.2.57
Linux kernel 3.2.56
Linux kernel 3.2.51
Linux kernel 3.2.24
Linux kernel 3.2.23
Linux kernel 3.2.13
Linux kernel 3.2.12
Linux kernel 3.2.9
Linux kernel 3.2.1
Linux kernel 4.9.9
Linux kernel 4.9.11
Linux kernel 4.9
Linux kernel 4.8.7
Linux kernel 4.8.6
Linux kernel 4.8.3
Linux kernel 4.8.14
Linux kernel 4.8.13
Linux kernel 4.8.12
Linux kernel 4.8.1
Linux kernel 4.8
Linux kernel 4.4.26
Linux kernel 4.4.14
Linux kernel 4.4.1
Linux kernel 4.4
Linux kernel 4.3.3
Linux kernel 4.2.8
Linux kernel 4.2
Linux kernel 4.18.1
Linux kernel 4.14.8
Linux kernel 4.14.7
+ EnGarde Secure Linux 1.0.1
+ Immunix Immunix OS 7+
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ SuSE Linux 7.0
+ SuSE Linux 6.4
+ SuSE Linux 6.3
+ Trustix Secure Linux 1.5
Linux kernel 4.14.4
Linux kernel 4.14.3
Linux kernel 4.14.2
Linux kernel 4.14.15
Linux kernel 4.14.14
Linux kernel 4.14
Linux kernel 4.1.15
Linux kernel 4.1
Linux kernel 4.0.5
Linux kernel 4.0
Linux kernel 3.9.8
Linux kernel 3.9.4
Linux kernel 3.9
Linux kernel 3.8
Linux kernel 3.7.6
Linux kernel 3.7
Linux kernel 3.6
Linux kernel 3.5-rc1
Linux kernel 3.5
Linux kernel 3.4.93
Linux kernel 3.4.81
Linux kernel 3.4.70
Linux kernel 3.4.67
Linux kernel 3.4.29
Linux kernel 3.4
Linux kernel 3.3
Linux kernel 3.2.81
Linux kernel 3.2.78
Linux kernel 3.2.65
Linux kernel 3.2.64
Linux kernel 3.2.63
Linux kernel 3.2.60
Linux kernel 3.2.55
Linux kernel 3.2.54
Linux kernel 3.2.53
Linux kernel 3.2.52
Linux kernel 3.2.50
Linux kernel 3.2.44
Linux kernel 3.2.42
Linux kernel 3.2.38
Linux kernel 3.2.2
Linux kernel 3.2
Google Android 0

Not Vulnerable: Linux kernel 4.18.16
Linux kernel 4.14.78
Linux kernel 4.9.135
Linux kernel 4.19

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Linux kernel Homepage (kernel.org)
  
• Change Log 4.14.78 (CDN Kernel)
  
• Change Log 4.18.16 (CDN Kernel)
  
• Change Log 4.9.135 (CDN Kernel)
  
• Linux: mremap() TLB flush too late with concurrent ftruncate() (Chromium)
  

Source: www.securityfocus.com