Bug 1116303 - (CVE-2018-18955) VUL-1: CVE-2018-18955: kernel-source: broken uid/gid mapping for nested user namespaces with >5 ranges (; since 4.15; fixed in 4.18.19 and 4.19.2)
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low; Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/219347/
Reported: 2018-11-16 08:51 UTC by Marcus Meissner
Modified: 2019-01-08 07:28 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2018-11-16 08:51:07 UTC
CVE-2018-18955

In Linux kernel versions since 4.15, map_write() in
kernel/user_namespace.c handles nested user namespaces with more than
5 UID or GID ranges incorrectly. This can allow a user who has
CAP_SYS_ADMIN in a user namespace which maps at least 6 UIDs or GIDs
to bypass access controls on resources outside the namespace.

This is CVE-2018-18955.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2
https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
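
A triage helper for the condition described above, added here as an example; it is not part of the original report or of the kernel source. It checks a kernel release string against the upstream ranges named in this bug and lists processes whose uid_map or gid_map has more than 5 ranges. The function names and sample maps are constructed, and treating 4.20 and later as fixed is an assumption. Distribution kernels may differ from upstream version numbers, so the version check is only a first filter.

```python
import glob
import re

MAP_LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_map(text):
    """Return (id_inside_ns, id_outside_ns, length) tuples from uid_map/gid_map text."""
    extents = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = MAP_LINE.match(line)
        if m is None:
            raise ValueError("malformed id map line: %r" % line)
        extents.append(tuple(int(g) for g in m.groups()))
    return extents

def upstream_release_affected(release):
    """True for upstream releases in the report: since 4.15, fixed in 4.18.19 and 4.19.2."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if m is None:
        raise ValueError("unrecognised kernel release: %r" % release)
    v = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    if v < (4, 15, 0):
        return False
    if v[:2] == (4, 19):
        return v < (4, 19, 2)
    # Assumption: 4.20 and later mainline releases carry the fix.
    return v < (4, 18, 19)

def namespaces_over_five_ranges(proc_root="/proc"):
    """Map pid -> map files with more than 5 ranges (candidates to review, not proof)."""
    hits = {}
    for path in glob.glob(proc_root + "/[0-9]*/[ug]id_map"):
        try:
            with open(path) as fh:
                count = len(parse_id_map(fh.read()))
        except (OSError, ValueError):
            continue  # process exited, or the map is unreadable
        if count > 5:
            pid, name = path.split("/")[-2:]
            hits.setdefault(pid, []).append(name)
    return hits

# Constructed samples: a namespace mapping 6 UID ranges, and the initial namespace.
SAMPLE_SIX = "\n".join("%10d %10d %10d" % (i * 1000, 100000 + i * 1000, 1000) for i in range(6))
SAMPLE_INIT = "         0          0 4294967295\n"
```

On a live host, call `upstream_release_affected(platform.release())` and `namespaces_over_five_ranges()`; a hit only means the namespace meets the ">5 ranges" precondition and should be reviewed.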
Comment 1 Marcus Meissner 2018-11-16 09:01:28 UTC
We do not seem to have backported the problematic fix from 6397fac4915a to our kernels ... but please cross check.
Comment 3 Marcus Meissner 2019-01-08 07:28:59 UTC
Is resolved upstream.