Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 667152 (CVE-2018-17182)

Summary: kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation (CVE-2018-17182)
Product: Gentoo Security Reporter: Sven <s.kieske>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A1 [stable?]
Package list:
Runtime testing required: ---

Description Sven 2018-09-27 13:10:25 UTC
Hi,

I couldn't find this information in the gentoo bugtracker, also 4.14.71/72 are not marked as stable yet, maybe I can provide some help getting this to stable.

So I figured I should maybe create a tracking bug. This is my first gentoo Bugreport, so please bear with me if I did anything wrong. Feel free to correct me!

I have currently a fresh build of 4.14.72 available and can test to some extend in virtual machines.

For a good write up about this imho quite serious priv esc bug see this blog entry:

https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html

maybe also relevant:

https://security-tracker.debian.org/tracker/CVE-2018-17182

https://nvd.nist.gov/vuln/detail/CVE-2018-17182

kind regards

Sven
Comment 1 Agostino Sarubbo gentoo-dev 2018-10-04 12:30:12 UTC
This is fixed in:

4.18.9
4.14.71
4.9.128
4.4.157

Can we stabilize the newer versions?
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 00:50:25 UTC
(In reply to Agostino Sarubbo from comment #1)
> This is fixed in:
> 
> 4.18.9
> 4.14.71
> 4.9.128
> 4.4.157