• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2018-0470 – Cisco IOS XE HTTP Packet Processing Denial of Service Vulnerability
September 27, 2018
Rewterz Threat Advisory – CVE-2017-13695, CVE-2018-5873, CVE-2018-16658 – Oracle VM Server for x86 update for kernel-uek
October 1, 2018

Rewterz Threat Advisory – CVE-2018-17182 – Linux kernel “vmacache_flush_all()” Use-After-Free Vulnerability

September 28, 2018

Malicious local users may gain escalated privileges by exploiting a vulnerability in the Linux Kernel.

 

 

IMPACT:  HIGH

 

 

PUBLISH DATE:  28-09-2018

 

 

OVERVIEW

 

 

A security flaw in the Linux Kernel may be exploited to induce Denial of Service, Use-After-Free condition or to gain privileges. Updates are available for all the affected versions of the product.

 

 

ANALYSIS

 

 

A flaw was detected in the Linux Kernel by some researchers. When this vulnerability is exploited by an attacker, it may induce a Denial of Service condition. However, exploiting this vulnerability requires time because the vulnerability can only be triggered by processes that run for a long enough time to cause the overflow for a reference counter.

 

 

The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.

 

 

Exploitation of this vulnerability may have high impacts on the confidentiality, integrity and availability of the compromised device.

 

 

AFFECTED PRODUCTS

 

 

Linux Kernel 3.16.x

Linux Kernel 4.4.x

Linux Kernel 4.9.x

Linux Kernel 4.14.x

Linux Kernel 4.18.x

 

 

UPDATE

 

 

Update the following affected versions according to the suggested updates available.

 

 

Versions 4.18.x:

Update to version 4.18.9

 

 

Versions 4.14.x:

Update to version 4.14.71

 

 

Versions 4.9.x:

Update to version 4.9.128

 

 

Versions 4.4.x:

Update to version 4.4.157

 

 

Versions 3.16.x:

Update to version 3.16.58.

 

 

 

If you think you are a victim of a cyber-attack, immediately send an e-mail to info@rewterz.com.

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.