LinuxQuestions.org
Old 05-02-2018, 11:05 AM   #1
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 12,738

Rep: Reputation: 3523
CVE-2018-8781: 8-Year-Old Linux Kernel Bug Discovered


Quote:
How Was CVE-2018-8781 Discovered?

The idea of re-implementing kernel functions is likely to lead to mistakes due to the fact that less QA staff in organizations review their code and fix security issues as part of their process, the researchers explained.

Reviewing this, they unearthed and disclosed a number of issues and a specific bug that is in fact an eight-year-old vulnerability in a driver. The bug can be used for escalating privileges in the latest kernel version (4.16-rc3).

This particular bug is identified as CVE-2018-8781, and it affects the internal mmap() function defined in the fb_helper file operations of the udl driver of DisplayLink:

The video/drm module in the kernel defines a default mmap() wrapper that calls that real mmap() handler defined by the specific driver. In our case the vulnerability is in the internal mmap() defined in the fb_helper file operations of the “udl” driver of “DisplayLink”.

This is a classic example for an Integer-Overflow, Check Point clarified.
https://research.checkpoint.com/mmap...-linux-kernel/

What is an integer overflow? An integer overflow takes place when an arithmetic operation tries to create a numeric value which is outside of the range that can be represented with a given number of bits.
https://sensorstechforum.com/cve-201...ux-kernel-bug/ for more...

--jeremy
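
The integer-overflow class described in the quoted article, shown on a range check of the kind an mmap() handler performs. This is an added example, not part of the original post and not the udl driver's code; the function names, buffer length and request values are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Weak form: the sum is computed modulo 2^N, so a huge offset plus a
 * small size can wrap around to a small value and pass the check. */
static int range_ok_wrapping(unsigned long offset, unsigned long size,
                             unsigned long buf_len)
{
    return !(offset + size > buf_len);
}

/* Hardened form: no addition that can wrap. First bound the offset,
 * then compare the size against the space left after it. */
static int range_ok_checked(unsigned long offset, unsigned long size,
                            unsigned long buf_len)
{
    if (offset > buf_len)
        return 0;
    return size <= buf_len - offset;
}

struct request { unsigned long offset, size; };

/* Count requests the weak check accepts but the hardened one rejects. */
static int count_wrongly_accepted(const struct request *r, int n,
                                  unsigned long buf_len)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        if (range_ok_wrapping(r[i].offset, r[i].size, buf_len) &&
            !range_ok_checked(r[i].offset, r[i].size, buf_len))
            bad++;
    return bad;
}

int main(void)
{
    const unsigned long buf_len = 0x100000UL;   /* constructed: 1 MiB buffer */
    const struct request reqs[] = {             /* constructed sample requests */
        { 0x1000UL, 0x2000UL },                 /* inside the buffer */
        { 0x100000UL, 0x1000UL },               /* starts at the end, too long */
        { ULONG_MAX - 0xfffUL, 0x2000UL },      /* offset + size wraps to 0x1000 */
    };
    int n = (int)(sizeof reqs / sizeof reqs[0]);
    printf("wrongly accepted: %d\n", count_wrongly_accepted(reqs, n, buf_len));
    return 0;
}
```

Only the third request separates the two checks: its sum wraps to 0x1000, which the weak comparison treats as in range.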
 
Old 05-03-2018, 11:00 AM   #2
MIJ-VI
Member
 
Registered: May 2010
Distribution: linuxmint-17.3-mate-64bit, 4.2.0-42-lowlatency
Posts: 41

Rep: Reputation: 2
Updated info:

2 May 2018
DisplayLink DRM Driver Had A Local Privilege Escalation Vulnerability - Phoronix
https://www.phoronix.com/scan.php?pa...-CVE-2018-8781

Last edited by MIJ-VI; 05-03-2018 at 11:04 AM.
 
Old 09-06-2018, 07:15 PM   #3
X-LFS-2010
Member
 
Registered: Apr 2016
Posts: 372

Rep: Reputation: Disabled
tons of hardware bugs are submitted, repealed, resubmitted "many times over" (same bug) in today's lk.

video cards don't promote security (ie, a hard drive controller promotes security). so it's not really a firm issue anyway.

unix: "everything is a file"

(well, video cards and sound excluded)

(actually on Solaris unix you could copy .au files to your soundcard - but no security bits were honored of course. Microsoft copied the format and called it …. .wav)

Last edited by X-LFS-2010; 09-06-2018 at 07:21 PM.
 
  

