Bug 667152 (CVE-2018-17182) - kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation (CVE-2018-17182)
Status: IN_PROGRESS
Alias: CVE-2018-17182
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
Whiteboard: A1 [stable?]
Reported: 2018-09-27 13:10 UTC by Sven
Modified: 2018-10-04 12:30 UTC
Description Sven 2018-09-27 13:10:25 UTC
Hi,

I couldn't find this information in the Gentoo bug tracker; also, 4.14.71/72 are not marked as stable yet. Maybe I can provide some help getting this to stable.

So I figured I should maybe create a tracking bug. This is my first Gentoo bug report, so please bear with me if I did anything wrong. Feel free to correct me!

I currently have a fresh build of 4.14.72 available and can test to some extent in virtual machines.

For a good write-up about this imho quite serious priv esc bug, see this blog entry:

https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html

Maybe also relevant:

https://security-tracker.debian.org/tracker/CVE-2018-17182

https://nvd.nist.gov/vuln/detail/CVE-2018-17182

Kind regards

Sven
Comment 1 Agostino Sarubbo gentoo-dev 2018-10-04 12:30:12 UTC
This is fixed in:

4.18.9
4.14.71
4.9.128
4.4.157

Can we stabilize the newer versions?