oss-sec mailing list archives
CVE-2018-1068: Linux kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
From: Vladis Dronov <vdronov () redhat com>
Date: Fri, 16 Mar 2018 05:30:50 -0400 (EDT)

hello,

(we believe this flaw is semi-public. there are posts in public mailing lists and a commit in the upstream Linux tree, but we are not aware of this bug being considered as a security flaw and not aware of any exploits in the wild. so we would like to explicitly post to oss-sec@)

a CVE id of CVE-2018-1068 was assigned to this flaw and we would like to ask to use it in the related public communications.

so:

A flaw was found in the Linux kernel implementation of 32 bit syscall interface for bridging allowing a privileged user to arbitrarily write to a limited range of kernel memory. This flaw can be exploited not only by a system's privileged user (a real "root" user), but also by an attacker who is a privileged user (a "root" user) in a user+network namespace.

References:

https://marc.info/?l=linux-netdev&m=152023808817590&w=2
https://marc.info/?l=linux-netdev&m=152025888924151&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=1552048

An upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6
https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer