Design/Logic Flaw

🗓️ 19 Sep 2018 09:29:00Reported by PRIOn knowledge baseType

prion

prion🔗 www.prio-n.com👁 28 Views

An issue in Linux kernel 4.18.8 allows use-after-free attack via vmacache_flush_all function

Reporter	Title	Published	Views	Family All 226
0day.today	Linux - #VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Exploit	26 Sep 201800:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018	28 Jan 201917:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u	5 Dec 201822:20	–	ibm
GithubExploit	Exploit for Use After Free in Linux Linux_Kernel	29 Sep 201815:58	–	githubexploit
Tenable Nessus	Amazon Linux 2 : kernel (ALAS-2018-1086)	11 Oct 201800:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2018-1086)	5 Oct 201800:00	–	nessus
Tenable Nessus	Debian DLA-1531-1 : linux-4.9 security update	4 Oct 201800:00	–	nessus
Tenable Nessus	Debian DSA-4308-1 : linux - security update	2 Oct 201800:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1526)	14 May 201900:00	–	nessus
Tenable Nessus	Fedora 29 : kernel / kernel-headers (2018-272cf2f9f4)	3 Jan 201900:00	–	nessus

Source	Link
openwall	www.openwall.com/lists/oss-security/2018/09/18/4
github	www.github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
git	www.git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/
exploit-db	www.exploit-db.com/exploits/45497/
debian	www.debian.org/security/2018/dsa-4308
usn	www.usn.ubuntu.com/3777-2/
usn	www.usn.ubuntu.com/3777-1/
usn	www.usn.ubuntu.com/3776-2/
usn	www.usn.ubuntu.com/3776-1/
securitytracker	www.securitytracker.com/id/1041748

24 Feb 2023 18:33Current

7.5High risk

Vulners AI Score7.5

EPSS0.08509

linux kernel vmacache_flush_all use-after-free privilege escalation sequence number overflows