CVE-2018-17182

Updated: 2023-12-06

CWE: Use After Free

Description:

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.

CVSS3: 7.8


Vendor State

OS Vendor version Errata
Ubuntu 18.04 4.15.0-36.39 USN-3777-1
Ubuntu 18.04 AWS 4.15.0-1023.23 USN-3777-1
Ubuntu 16.04 HWE 4.15.0-36.39~16.04.1 USN-3777-2
Debian 9 4.9.110-3+deb9u5 DSA-4308-1
Debian 8 backports 4.9.110-3+deb9u5 DSA-4308-1
Amazon Linux 1 4.14.72-68.55.amzn1 ALAS-2018-1086
Amazon Linux 2 4.14.72-73.55.amzn2 ALAS-2018-1086
Ubuntu 18.04 GCP 4.15.0-1021.22 USN-3777-1
Ubuntu 16.04 GCP 4.15.0-1021.22~16.04.1 USN-3777-2
Ubuntu 18.04 Azure 4.15.0-1025.26 USN-3777-3
Ubuntu 16.04 Azure 4.15.0-1025.26~16.04.1 USN-3777-3

KernelCare State

OS Original kernel version State
Ubuntu 18.04
4.15.0-20.21 show all hide all
4.15.0-29.31 4.15.0-31.33 4.15.0-33.36 4.15.0-24.26 4.15.0-34.37 4.15.0-32.35 4.15.0-35.38 4.15.0-23.25 4.15.0-22.24 4.15.0-30.32
Released
Ubuntu 18.04 AWS
4.15.0-1021.21
Released
Ubuntu 16.04 HWE
4.15.0-24.26~16.04.1 show all hide all
4.15.0-34.37~16.04.1 4.15.0-33.36~16.04.1 4.15.0-30.32~16.04.1 4.15.0-29.31~16.04.1 4.15.0-35.38~16.04.1 4.15.0-32.35~16.04.1
Released
Debian 9
4.9.110-2 show all hide all
4.9.110-3+deb9u4 4.9.110-3 4.9.30-2+deb9u2 4.9.65-3+deb9u2 4.9.65-3 4.9.80-2 4.9.82-1+deb9u3 4.9.82-1+deb9u2 4.9.110-3+deb9u3 4.9.107-1 4.9.30-2+deb9u1 4.9.110-3+deb9u2 4.9.88-1 4.9.110-3+deb9u1 4.9.88-1+deb9u1 4.9.51-1 4.9.110-1 4.9.30-2+deb9u5 4.9.65-1 4.9.80-1 4.9.30-2+deb9u4 4.9.65-3+deb9u1 4.9.30-2+deb9u3 4.9.30-2
Released
Debian 8 backports
4.9.110-1~deb8u1 show all hide all
4.9.110-3+deb9u4~deb8u1 4.9.110-3+deb9u1~deb8u1 4.9.30-2+deb9u2~bpo8+1 4.9.30-2+deb9u5~bpo8+1 4.9.30-2~bpo8+1 4.9.51-1~bpo8+1 4.9.65-3+deb9u1~bpo8+1 4.9.65-3+deb9u2~bpo8+1 4.9.65-3~bpo8+1 4.9.82-1+deb9u3~bpo8+1 4.9.88-1+deb9u1~bpo8+1 4.9.88-1~bpo8+1 4.9.110-3+deb9u2~deb8u1
Released
Amazon Linux 1
4.14.62-65.117.amzn1 show all hide all
4.14.70-67.55.amzn1
Released
Amazon Linux 2
4.14.62-70.117.amzn2 show all hide all
4.14.42-61.37.amzn2 4.14.26-54.32.amzn2 4.14.51-66.38.amzn2 4.14.67-71.56.amzn2 4.14.33-59.34.amzn2 4.14.70-72.55.amzn2
Released
Proxmox VE 5
4.15.18-1-pve_4.15.18-15 show all hide all
4.15.18-2-pve_4.15.18-20 4.15.17-3-pve_4.15.17-12 4.15.10-1-pve_4.15.10-4 4.15.15-1-pve_4.15.15-6 4.15.17-1-pve_4.15.17-9 4.15.17-2-pve_4.15.17-10 4.15.18-1-pve_4.15.18-16 4.15.18-1-pve_4.15.18-17 4.15.18-1-pve_4.15.18-19 4.15.18-2-pve_4.15.18-21 4.15.18-4-pve_4.15.18-23 4.15.3-1-pve_4.15.3-1 4.15.18-3-pve_4.15.18-22 4.15.18-5-pve_4.15.18-24
Released
Ubuntu 18.04 GCP
4.15.0-1010.10 show all hide all
4.15.0-1015.15 4.15.0-1018.19 4.15.0-1017.18 4.15.0-1009.9 4.15.0-1008.8 4.15.0-1006.6 4.15.0-1014.14 4.15.0-1019.20
Released
Ubuntu 16.04 GCP
4.15.0-1019.20~16.04.1 show all hide all
4.15.0-1017.18~16.04.1 4.15.0-1018.19~16.04.2 4.15.0-1014.14~16.04.1 4.15.0-1015.15~16.04.1
Released
Endurance 6 elrepo
4.4.112-1.el6.elrepo
Released
Endurance 7 eig 4.14
4.14.68-103.ELK.el6 show all hide all
4.14.68-103.ELK.el7
Released
Proofpoint
Ready For Release
Ubuntu 18.04 Azure
4.15.0-1014.14 show all hide all
4.15.0-1012.12 4.15.0-1021.21 4.15.0-1022.23 4.15.0-1009.9 4.15.0-1018.18 4.15.0-1019.19 4.15.0-1023.24 4.15.0-1013.13
Released
Ubuntu 16.04 Azure
4.15.0-1019.19~16.04.1 show all hide all
4.15.0-1023.24~16.04.1 4.15.0-1014.14~16.04.1 4.15.0-1022.22~16.04.1 4.15.0-1021.21~16.04.1 4.15.0-1018.18~16.04.1 4.15.0-1013.13~16.04.2
Released
Debian 10 cloud
Will Not Fix
Debian 9 backports
Will Not Fix