Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - News
User Name
Linux - News This forum is for original Linux News. If you'd like to write content for LQ, feel free to contact us.
All threads in the forum need to be approved before they will appear.


  Search this Thread
Old 05-02-2018, 11:05 AM   #1
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 12,939

Rep: Reputation: 3631Reputation: 3631Reputation: 3631Reputation: 3631Reputation: 3631Reputation: 3631Reputation: 3631Reputation: 3631Reputation: 3631Reputation: 3631Reputation: 3631
CVE-2018-8781: 8-Year-Old Linux Kernel Bug Discovered

How Was CVE-2018-8781 Discovered?

The idea of re-implementing kernel functions is likely to lead to mistakes due to the fact that less QA staff in organizations review their code and fix security issues as part of their process, the researchers explained.
Related Story: Top 15 Linux Security Questions You Didn’t Know You Had

Reviewing this, they unearthed and disclosed a number of issues and a specific bug that is in fact an eight-year-old vulnerability in a driver. The bug can be used for escalating privileges in the latest kernel version (4.16-rc3).

This particular bug is identified as CVE-2018-8781, and it affects the internal mmap() function defined in the fb_helper file operations of the udl driver of DisplayLink:

The video/drm module in the kernel defines a default mmap() wrapper that calls that real mmap() handler defined by the specific driver. In our case the vulnerability is in the internal mmap() defined in the fb_helper file operations of the “udl” driver of “DisplayLink”.

This is a classic example for an Integer-Overflow,Check Point clarified. What is an integer overflow? An integer overflow takes place when an arithmetic operation tries to create a numeric value which is outside of the range that can be represented with a given number of bits. for more...

Old 05-03-2018, 11:00 AM   #2
Registered: May 2010
Distribution: linuxmint-17.3-mate-64bit, 4.2.0-42-lowlatency
Posts: 41

Rep: Reputation: 2
Updated info:

2 May 2018
DisplayLink DRM Driver Had A Local Privilege Escalation Vulnerability - Phoronix

Last edited by MIJ-VI; 05-03-2018 at 11:04 AM.
Old 09-06-2018, 07:15 PM   #3
Registered: Apr 2016
Posts: 382

Rep: Reputation: Disabled
tons of hardware bugs are submitted, repealed, resubmitted "many times over" (same bug) in today's lk.

video cards don't promote security (ie, a hard drive controller promotes security). so it's not really a firm issue anyway.

unix: "everything is a file"

(well, video cards and sound excluded)

(actually on Solaris unix you could copy .au files to your soundcard - but no security bits were honored of course. Microsoft copied the format and called it …. .wav)

Last edited by X-LFS-2010; 09-06-2018 at 07:21 PM.
Old 11-09-2018, 02:12 PM   #4
LQ Newbie
Registered: Nov 2018
Posts: 9

Rep: Reputation: 0
Ohh Finally !!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Firefox 56 with CVE-2018-5124 fix Nemesiz Linux - Software 2 03-09-2018 12:43 AM
LXer: Will 2018 Be the Year of the Linux Desktop LXer Syndicated Linux News 0 01-17-2018 04:30 AM
LXer: Ring in New Year 2018 with Manjaro Linux 17.1.0 LXer Syndicated Linux News 0 01-01-2018 12:36 AM
LXer: Flaw CVE-2014-6271 discovered in the Bash shell — update your Fedora systems LXer Syndicated Linux News 0 09-25-2014 04:41 AM > Forums > Linux Forums > Linux - News

All times are GMT -5. The time now is 10:59 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration