UBUNTU-CVE-2018-16880

Details

A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.

Affected Packages(25 packages)

linux

Ubuntu 18.04 LTS

Fixed in:

4.13.0-16.19

linux

Ubuntu 14.04 LTS

Fixed in:

3.11.0-12.19

linux

Ubuntu 16.04 LTS

Fixed in:

4.2.0-16.19

linux-aws

Ubuntu 14.04 LTS

Fixed in:

4.4.0-1002.2

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1001.10

linux-aws

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1001.1

linux-aws-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1030.31~16.04.1

linux-azure

Ubuntu 14.04 LTS

Fixed in:

4.15.0-1023.24~14.04.1

linux-azure

Ubuntu 16.04 LTS

Fixed in:

4.11.0-1009.9

linux-azure

Ubuntu 18.04 LTS

Affected versions:

4.15.0-1002.24.15.0-1003.34.15.0-1004.44.15.0-1008.84.15.0-1009.94.15.0-1012.124.15.0-1013.134.15.0-1014.144.15.0-1018.184.15.0-1019.19+12 more

Fixed in:

4.18.0-1013.13~18.04.1

References

REPORThttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b46a0bf78ad7b150ef5910da83859f7f5a514ffd REPORThttps://ubuntu.com/security/CVE-2018-16880 REPORThttps://ubuntu.com/security/notices/USN-3903-1 REPORThttps://ubuntu.com/security/notices/USN-3903-2 REPORThttps://www.cve.org/CVERecord?id=CVE-2018-16880 REPORThttps://www.openwall.com/lists/oss-security/2019/01/25/1

UBUNTU-CVE-2018-16880

Details

Affected Packages(25 packages)

References

CVSS Analysis

Related

Ecosystems

Timeline