Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 16 Mar 2018 05:30:50 -0400 (EDT)
From: Vladis Dronov <>
Subject: CVE-2018-1068: Linux kernel: netfilter: ebtables: CONFIG_COMPAT:
 don't trust userland offsets


(we believe this flaw is semi-public. there are posts in public mailing
lists and a commit in the upstream Linux tree, but we are not aware of this bug
being considered as a security flaw and not aware of any exploits in the wild.
so we would like to explicitly post to oss-sec@)

a CVE id of CVE-2018-1068 was assigned to this flaw and we would like to ask to
use it in the related public communications.


A flaw was found in the Linux kernel implementation of 32 bit syscall interface
for bridging allowing a privileged user to arbitrarily write to a limited range
of kernel memory. This flaw can be exploited not only by a system's privileged
user (a real "root" user), but also by an attacker who is a privileged user
(a "root" user) in a user+network namespace.


An upstream patch:

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ