CVE-2018-8781
23.04.2018, 19:29
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.Enginsight
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 3.4 ≤ 𝑥 < 3.16.57 |
| linux | linux_kernel | 3.17 ≤ 𝑥 < 3.18.103 |
| linux | linux_kernel | 3.19 ≤ 𝑥 < 4.1.52 |
| linux | linux_kernel | 4.2 ≤ 𝑥 < 4.4.125 |
| linux | linux_kernel | 4.5 ≤ 𝑥 < 4.9.91 |
| linux | linux_kernel | 4.10 ≤ 𝑥 < 4.14.31 |
| linux | linux_kernel | 4.15 ≤ 𝑥 < 4.15.14 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||
| linux-aws |
| ||||||||
| linux-azure |
| ||||||||
| linux-euclid |
| ||||||||
| linux-flo |
| ||||||||
| linux-gcp |
| ||||||||
| linux-gke |
| ||||||||
| linux-goldfish |
| ||||||||
| linux-grouper |
| ||||||||
| linux-hwe |
| ||||||||
| linux-hwe-edge |
| ||||||||
| linux-kvm |
| ||||||||
| linux-lts-trusty |
| ||||||||
| linux-lts-utopic |
| ||||||||
| linux-lts-vivid |
| ||||||||
| linux-lts-wily |
| ||||||||
| linux-lts-xenial |
| ||||||||
| linux-maguro |
| ||||||||
| linux-mako |
| ||||||||
| linux-manta |
| ||||||||
| linux-oem |
| ||||||||
| linux-raspi2 |
| ||||||||
| linux-snapdragon |
|
References