Malicious local users may gain escalated privileges by exploiting a vulnerability in the Linux Kernel.
PUBLISH DATE: 28-09-2018
A security flaw in the Linux Kernel may be exploited to induce a Denial of Service or Use-After-Free condition, or to gain privileges. Updates are available for all affected versions of the product.
Researchers detected a flaw in the Linux Kernel. An attacker who exploits this vulnerability may induce a Denial of Service condition. However, exploitation takes time, because the vulnerability can only be triggered by processes that run long enough to overflow a reference counter.
The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
Exploitation of this vulnerability may have a high impact on the confidentiality, integrity and availability of the compromised device.
Linux Kernel 3.16.x
Linux Kernel 4.4.x
Linux Kernel 4.9.x
Linux Kernel 4.14.x
Linux Kernel 4.18.x
Update each affected version to the corresponding fixed release:
Update to version 4.18.9
Update to version 4.14.71
Update to version 4.9.128
Update to version 4.4.157
Update to version 3.16.58
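One way to check a host against the update list above, as an added example that is not part of the original advisory: the function names and status words are illustrative, and only the version numbers come from the advisory. It assumes upstream stable version numbering; distribution kernels that backport fixes keep an older version number and should be checked against the vendor's own advisory.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names and status words
# are illustrative; the version numbers come from the advisory's update list.

# Print the first fixed patch level for an affected branch, or fail.
fixed_patch_for_branch() {
    case "$1" in
        3.16) echo 58 ;;
        4.4)  echo 157 ;;
        4.9)  echo 128 ;;
        4.14) echo 71 ;;
        4.18) echo 9 ;;
        *)    return 1 ;;
    esac
}

# Print one of: fixed | update-needed | unlisted | unparsed
vmacache_fix_status() {
    # Drop suffixes such as "-generic" or "+", keeping "X.Y[.Z]".
    base=${1%%[-+_ ]*}
    case "$base" in
        *[!0-9.]*|''|.*|*.|*..*) echo unparsed; return 0 ;;
    esac
    major=${base%%.*}
    rest=${base#*.}
    if [ "$rest" = "$base" ]; then echo unparsed; return 0; fi
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "4.18" means 4.18.0
    patch=${patch%%.*}                            # ignore a fourth component
    if fixed=$(fixed_patch_for_branch "$major.$minor"); then
        if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo update-needed; fi
    else
        echo unlisted   # branch not covered by this advisory
    fi
    return 0
}

# Check the running kernel, or a release string passed as the first argument.
vmacache_fix_status "${1:-$(uname -r)}"
```

A result of `unlisted` means the branch does not appear in this advisory, not that the kernel is unaffected.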
If you think you are a victim of a cyber-attack, immediately send an e-mail to firstname.lastname@example.org.