CVE-2018-18955
Description
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
Risk Information
Base Score
7.0
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
12.22
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-gcp_4.15.0.1025.39_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-gke_4.15.0.1025.39_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-4.15.0-1025-gcp_4.15.0-1025.26~16.04.1_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-4.15.0-42-generic_4.15.0-42.45~16.04.1_i386.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-4.15.0-42-generic_4.15.0-42.45~16.04.1_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-generic-hwe-16.04_4.15.0.42.63_i386.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-generic-hwe-16.04_4.15.0.42.63_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-4.15.0-42-lowlatency_4.15.0-42.45~16.04.1_i386.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-4.15.0-42-lowlatency_4.15.0-42.45~16.04.1_amd64.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-lowlatency-hwe-16.04_4.15.0.42.63_i386.deb | Linux |
| Linux kernel for Google Cloud Platform (GCP) systems (USN-3836-2) linux-image-lowlatency-hwe-16.04_4.15.0.42.63_amd64.deb | Linux |
| Linux kernel (USN-3835-1) linux-image-4.18.0-1004-gcp_4.18.0-1004.5_amd64.deb | Linux |
| Linux kernel (USN-3835-1) linux-image-4.18.0-1005-kvm_4.18.0-1005.5_amd64.deb | Linux |
| Linux kernel (USN-3835-1) linux-image-4.18.0-12-generic_4.18.0-12.13_i386.deb | Linux |
| Linux kernel (USN-3835-1) linux-image-4.18.0-12-generic_4.18.0-12.13_amd64.deb | Linux |
| Linux kernel (USN-3835-1) linux-image-4.18.0-12-lowlatency_4.18.0-12.13_i386.deb | Linux |
| Linux kernel (USN-3835-1) linux-image-4.18.0-12-lowlatency_4.18.0-12.13_amd64.deb | Linux |
| Linux kernel (USN-3836-1) linux-image-4.15.0-1025-gcp_4.15.0-1025.26_amd64.deb | Linux |
| Linux kernel (USN-3836-1) linux-image-4.15.0-1027-kvm_4.15.0-1027.27_amd64.deb | Linux |
| Linux kernel (USN-3836-1) linux-image-4.15.0-42-generic_4.15.0-42.45_i386.deb | Linux |
| Linux kernel (USN-3836-1) linux-image-4.15.0-42-generic_4.15.0-42.45_amd64.deb | Linux |
| Linux kernel (USN-3836-1) linux-image-4.15.0-42-lowlatency_4.15.0-42.45_i386.deb | Linux |
| Linux kernel (USN-3836-1) linux-image-4.15.0-42-lowlatency_4.15.0-42.45_amd64.deb | Linux |
| aws (USN-3833-1) linux-image-4.15.0-1029-aws_4.15.0-1029.30_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234