usn-3836-2
Vulnerability from osv_ubuntu
Published
2018-12-04 04:49
Modified
2026-02-10 04:41
Summary
linux-hwe, linux-gcp vulnerabilities
Details

USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.

Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. (CVE-2018-18955)

Philipp Wendler discovered that the overlayfs implementation in the Linux kernel did not properly verify the directory contents permissions from within a unprivileged user namespace. A local attacker could use this to expose sensitive information (protected file names). (CVE-2018-6559)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2018-6559",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-18955",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-gcp-headers-4.15.0-1025",
            "binary_version": "4.15.0-1025.26~16.04.1"
          },
          {
            "binary_name": "linux-gcp-tools-4.15.0-1025",
            "binary_version": "4.15.0-1025.26~16.04.1"
          },
          {
            "binary_name": "linux-headers-4.15.0-1025-gcp",
            "binary_version": "4.15.0-1025.26~16.04.1"
          },
          {
            "binary_name": "linux-image-unsigned-4.15.0-1025-gcp",
            "binary_version": "4.15.0-1025.26~16.04.1"
          },
          {
            "binary_name": "linux-modules-4.15.0-1025-gcp",
            "binary_version": "4.15.0-1025.26~16.04.1"
          },
          {
            "binary_name": "linux-modules-extra-4.15.0-1025-gcp",
            "binary_version": "4.15.0-1025.26~16.04.1"
          },
          {
            "binary_name": "linux-tools-4.15.0-1025-gcp",
            "binary_version": "4.15.0-1025.26~16.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "linux-gcp",
        "purl": "pkg:deb/ubuntu/linux-gcp@4.15.0-1025.26~16.04.1?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.15.0-1025.26~16.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.10.0-1004.4",
        "4.10.0-1006.6",
        "4.10.0-1007.7",
        "4.10.0-1008.8",
        "4.10.0-1009.9",
        "4.13.0-1002.5",
        "4.13.0-1006.9",
        "4.13.0-1007.10",
        "4.13.0-1008.11",
        "4.13.0-1011.15",
        "4.13.0-1012.16",
        "4.13.0-1013.17",
        "4.13.0-1015.19",
        "4.13.0-1017.21",
        "4.13.0-1019.23",
        "4.15.0-1014.14~16.04.1",
        "4.15.0-1015.15~16.04.1",
        "4.15.0-1017.18~16.04.1",
        "4.15.0-1018.19~16.04.2",
        "4.15.0-1019.20~16.04.1",
        "4.15.0-1021.22~16.04.1",
        "4.15.0-1023.24~16.04.1",
        "4.15.0-1024.25~16.04.2"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2018-6559",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2018-18955",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:16.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "block-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "block-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "crypto-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "crypto-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "dasd-extra-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "dasd-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "fat-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "fat-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "fb-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "firewire-core-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "floppy-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "fs-core-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "fs-core-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "fs-secondary-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "fs-secondary-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "input-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "input-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "ipmi-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "ipmi-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "irda-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "irda-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "kernel-image-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "kernel-image-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-cloud-tools-4.15.0-42-generic",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-cloud-tools-4.15.0-42-lowlatency",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-headers-4.15.0-42",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-headers-4.15.0-42-generic",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-headers-4.15.0-42-generic-lpae",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-headers-4.15.0-42-lowlatency",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-hwe-cloud-tools-4.15.0-42",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-hwe-tools-4.15.0-42",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-hwe-udebs-generic",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-hwe-udebs-generic-lpae",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-image-4.15.0-42-generic",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-image-4.15.0-42-generic-lpae",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-image-4.15.0-42-lowlatency",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-image-unsigned-4.15.0-42-generic",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-image-unsigned-4.15.0-42-lowlatency",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-modules-4.15.0-42-generic",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-modules-4.15.0-42-generic-lpae",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-modules-4.15.0-42-lowlatency",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-modules-extra-4.15.0-42-generic",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-source-4.15.0",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-tools-4.15.0-42-generic",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-tools-4.15.0-42-generic-lpae",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "linux-tools-4.15.0-42-lowlatency",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "md-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "md-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "message-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "mouse-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "mouse-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "multipath-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "multipath-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "nfs-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "nfs-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "nic-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "nic-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "nic-pcmcia-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "nic-shared-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "nic-shared-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "nic-usb-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "nic-usb-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "parport-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "parport-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "pata-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "pcmcia-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "pcmcia-storage-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "plip-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "plip-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "ppp-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "ppp-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "sata-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "sata-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "scsi-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "scsi-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "serial-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "storage-core-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "storage-core-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "usb-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "usb-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "virtio-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "vlan-modules-4.15.0-42-generic-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          },
          {
            "binary_name": "vlan-modules-4.15.0-42-generic-lpae-di",
            "binary_version": "4.15.0-42.45~16.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "linux-hwe",
        "purl": "pkg:deb/ubuntu/linux-hwe@4.15.0-42.45~16.04.1?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.15.0-42.45~16.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.8.0-36.36~16.04.1",
        "4.8.0-39.42~16.04.1",
        "4.8.0-41.44~16.04.1",
        "4.8.0-42.45~16.04.1",
        "4.8.0-44.47~16.04.1",
        "4.8.0-45.48~16.04.1",
        "4.8.0-46.49~16.04.1",
        "4.8.0-49.52~16.04.1",
        "4.8.0-51.54~16.04.1",
        "4.8.0-52.55~16.04.1",
        "4.8.0-53.56~16.04.1",
        "4.8.0-54.57~16.04.1",
        "4.8.0-56.61~16.04.1",
        "4.8.0-58.63~16.04.1",
        "4.10.0-27.30~16.04.2",
        "4.10.0-28.32~16.04.2",
        "4.10.0-30.34~16.04.1",
        "4.10.0-32.36~16.04.1",
        "4.10.0-33.37~16.04.1",
        "4.10.0-35.39~16.04.1",
        "4.10.0-37.41~16.04.1",
        "4.10.0-38.42~16.04.1",
        "4.10.0-40.44~16.04.1",
        "4.10.0-42.46~16.04.1",
        "4.13.0-26.29~16.04.2",
        "4.13.0-31.34~16.04.1",
        "4.13.0-32.35~16.04.1",
        "4.13.0-36.40~16.04.1",
        "4.13.0-37.42~16.04.1",
        "4.13.0-38.43~16.04.1",
        "4.13.0-39.44~16.04.1",
        "4.13.0-41.46~16.04.1",
        "4.13.0-43.48~16.04.1",
        "4.13.0-45.50~16.04.1",
        "4.15.0-24.26~16.04.1",
        "4.15.0-29.31~16.04.1",
        "4.15.0-30.32~16.04.1",
        "4.15.0-32.35~16.04.1",
        "4.15.0-33.36~16.04.1",
        "4.15.0-34.37~16.04.1",
        "4.15.0-36.39~16.04.1",
        "4.15.0-38.41~16.04.1",
        "4.15.0-39.42~16.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nJann Horn discovered that the Linux kernel mishandles mapping UID or GID\nranges inside nested user namespaces in some situations. A local attacker\ncould use this to bypass access controls on resources outside the\nnamespace. (CVE-2018-18955)\n\nPhilipp Wendler discovered that the overlayfs implementation in the Linux\nkernel did not properly verify the directory contents permissions from\nwithin a unprivileged user namespace. A local attacker could use this to\nexpose sensitive information (protected file names). (CVE-2018-6559)\n",
  "id": "USN-3836-2",
  "modified": "2026-02-10T04:41:27Z",
  "published": "2018-12-04T04:49:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-3836-2"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-6559"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2018-18955"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-hwe, linux-gcp vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2018-6559",
    "UBUNTU-CVE-2018-18955"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…