This flaw was fixed in the Linux kernel starting with the version of 5.18. The information about this flaw was released to the public on June 16th, 2018.
Linux kernel: CVE-2018-16664 In the Linux kernel before version 4.14, user creation of files on a UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to be able to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.
SE Linux kernel: CVE-2018-5532 In the Linux kernel before version 4.14, user creation of files on a UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to be able to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.
SE Linux kernel: CVE-2017-18261 In the Linux kernel before version 4.14, user creation of files on a UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to be able to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.
SE Linux kernel: CVE-2017-18262 In the Linux kernel before version 4.14, user creation
Linux kernel: New features of CVE-2018-16664
The new Linux kernel release 4.19 includes a fix for this flaw.
What to look for in a Linux kernel release?
To maintain a secure Linux kernel, always check for the following release notes:
CVE-X-Y-Z
The last part of the security note is what to look for in a release. You should always check for CVE's or Common Vulnerabilities and Exposures. These are flaws that have been identified by the security community. They are not new flaws, but flaws that have been patched and fixed in a new release. If you see these with your Linux kernel version, it is likely that there was an issue that has been resolved.
Understanding Linux Kernel Security Vulnerabilities
In the Linux kernel before version 4.14, user creation of files on a UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to be able to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.
In the SE Linux kernel before version 4.14, user creation of files on a UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to be able to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.
User creation of files on a UDF image media can lead to privilege escalation in both Linux and SE Linux kernels
\^
Timeline
Published on: 02/16/2022 17:15:00 UTC
Last modified on: 05/11/2022 14:30:00 UTC
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f
- https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr@quack3.lan/T/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://www.debian.org/security/2022/dsa-5096
- https://www.debian.org/security/2022/dsa-5095
- http://www.openwall.com/lists/oss-security/2022/04/13/2
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0617