CVE-2018-1068

Current Description

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

Basic Data

PublishedMarch 16, 2018
Last ModifiedMay 14, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-787
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.2
SeverityHIGH
Exploitability Score3.9
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack VectorLOCAL
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredHIGH
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactHIGH
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score6.7
CVSS 3 - Base SeverityMEDIUM
Exploitability Score0.8
Base SeverityMEDIUM

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********4.0.04.16
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Linux12.04***esm***
    2.3OSCanonicalUbuntu Linux14.04***lts***
    2.3OSCanonicalUbuntu Linux16.04***lts***
    2.3OSCanonicalUbuntu Linux17.10*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux7.0*******
    2.3OSDebianDebian Linux8.0*******
    2.3OSDebianDebian Linux9.0*******
  • OR - Configuration 4
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatVirtualization Host4.0*******
    2.3OSRedhatEnterprise Linux Desktop7.0*******
    2.3OSRedhatEnterprise Linux Server7.0*******
    2.3OSRedhatEnterprise Linux Server Aus7.6*******
    2.3OSRedhatEnterprise Linux Server Eus7.5*******
    2.3OSRedhatEnterprise Linux Server Eus7.6*******
    2.3OSRedhatEnterprise Linux Server Tus7.6*******
    2.3OSRedhatEnterprise Linux Workstation7.0*******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 7.0, 8.0, 9.0
Canonical Ubuntu Linux 12.04, 14.04, 16.04, 17.10
Redhat Enterprise Linux Workstation 7.0
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.5, 7.6
Redhat Enterprise Linux Server 7.0
Linux Linux Kernel *

References

NameSourceURLTags
103459http://www.securityfocus.com/bid/103459BIDThird Party Advisory VDB Entry
RHSA-2018:1318https://access.redhat.com/errata/RHSA-2018:1318REDHATThird Party Advisory
RHSA-2018:1355https://access.redhat.com/errata/RHSA-2018:1355REDHATThird Party Advisory
RHSA-2018:2948https://access.redhat.com/errata/RHSA-2018:2948REDHATThird Party Advisory
RHSA-2019:1170https://access.redhat.com/errata/RHSA-2019:1170REDHAT
RHSA-2019:1190https://access.redhat.com/errata/RHSA-2019:1190REDHAT
RHSA-2019:4159https://access.redhat.com/errata/RHSA-2019:4159REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1552048https://bugzilla.redhat.com/show_bug.cgi?id=1552048CONFIRMIssue Tracking Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cddCONFIRMPatch Vendor Advisory
https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6CONFIRMPatch Third Party Advisory
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security updatehttps://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlMLISTMailing List Third Party Advisory
[linux-netdev] 20180305 BUG: unable to handle kernel paging request in compat_copy_entrieshttps://marc.info/?l=linux-netdev&m=152023808817590&w=2MLISTThird Party Advisory
[linux-netdev] 20180305 [PATCH net] netfilter: check for out-of-bounds while copying compat entrieshttps://marc.info/?l=linux-netdev&m=152025888924151&w=2MLISTPatch Third Party Advisory
USN-3654-1https://usn.ubuntu.com/3654-1/UBUNTUThird Party Advisory
USN-3654-2https://usn.ubuntu.com/3654-2/UBUNTUThird Party Advisory
USN-3656-1https://usn.ubuntu.com/3656-1/UBUNTUThird Party Advisory
USN-3674-1https://usn.ubuntu.com/3674-1/UBUNTUThird Party Advisory
USN-3674-2https://usn.ubuntu.com/3674-2/UBUNTUThird Party Advisory
USN-3677-1https://usn.ubuntu.com/3677-1/UBUNTUThird Party Advisory
USN-3677-2https://usn.ubuntu.com/3677-2/UBUNTUThird Party Advisory
DSA-4187https://www.debian.org/security/2018/dsa-4187DEBIANThird Party Advisory
DSA-4188https://www.debian.org/security/2018/dsa-4188DEBIANThird Party Advisory