Уязвимость CVE-2018-18955: Информация
Описание
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
Важность: HIGH (7,0) Вектор: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
kernel-image-mp | sisyphus | 4.19.4-alt1 | 6.8.12-alt1 | ALT-PU-2018-2699-1 | 216914 | Исправлено |
kernel-image-mp | p10 | 4.19.4-alt1 | 6.1.19-alt1 | ALT-PU-2018-2699-1 | 216914 | Исправлено |
kernel-image-mp | p9 | 4.19.4-alt1 | 5.12.16-alt1 | ALT-PU-2018-2699-1 | 216914 | Исправлено |
kernel-image-mp | c9f2 | 4.19.4-alt1 | 5.7.16-alt1 | ALT-PU-2018-2699-1 | 216914 | Исправлено |
kernel-image-mp | p11 | 4.19.4-alt1 | 6.8.8-alt1 | ALT-PU-2018-2699-1 | 216914 | Исправлено |
kernel-image-un-def | sisyphus | 4.19.5-alt1 | 6.6.32-alt1 | ALT-PU-2018-2729-1 | 216983 | Исправлено |
kernel-image-un-def | p10 | 4.19.5-alt1 | 6.1.90-alt1 | ALT-PU-2018-2729-1 | 216983 | Исправлено |
kernel-image-un-def | p9 | 4.19.5-alt1 | 5.10.218-alt1 | ALT-PU-2018-2729-1 | 216983 | Исправлено |
kernel-image-un-def | c10f1 | 4.19.5-alt1 | 6.1.85-alt0.c10f.1 | ALT-PU-2018-2729-1 | 216983 | Исправлено |
kernel-image-un-def | c9f2 | 4.19.5-alt1 | 5.10.29-alt2 | ALT-PU-2018-2729-1 | 216983 | Исправлено |
kernel-image-un-def | p11 | 4.19.5-alt1 | 6.6.31-alt1 | ALT-PU-2018-2729-1 | 216983 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd |
|
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2 |
|
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19 |
|
https://bugs.chromium.org/p/project-zero/issues/detail?id=1712 |
|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd |
|
105941 |
|
45886 |
|
USN-3833-1 |
|
USN-3832-1 |
|
45915 |
|
USN-3836-2 |
|
USN-3836-1 |
|
USN-3835-1 |
|
https://support.f5.com/csp/article/K39103040 | |
https://security.netapp.com/advisory/ntap-20190416-0003/ |