{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T02:52:27.236","vulnerabilities":[{"cve":{"id":"CVE-2018-18281","sourceIdentifier":"cve@mitre.org","published":"2018-10-30T18:29:00.737","lastModified":"2024-11-21T03:55:38.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19."},{"lang":"es","value":"Desde la versión 3.2 del kernel de Linux, la syscall mremap() realiza vaciados TLB tras soltar bloqueos de tabla de página. Si una syscall como ftruncate() elimina las entradas de las tablas de página de una tarea en medio de mremap(), una entrada TLB obsoleta puede permanecer por poco tiempo, lo que permite el acceso a una página física una vez se ha devuelto al asignador de páginas y se reutiliza. Esto se ha solucionado en las siguientes versiones del kernel: 4.9.135, 4.14.78, 4.18.16 y 4.19."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-459"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"4.9.135","matchCriteriaId":"00CE0B27-26A0-4307-A248-A29D516525D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.136","versionEndExcluding":"4.14.78","matchCriteriaId":"D99EB273-47E2-4E77-9D0D-64C726857DF5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.79","versionEndExcluding":"4.18.16","matchCriteriaId":"9D9D80C7-B3D0-4087-8868-7781AB50744E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18.17","versionEndExcluding":"4.19","matchCriteriaId":"570A682A-5DCF-4050-BFF8-74BA56FF487C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2018/10/29/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/105761","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/106503","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0831","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2019:2029","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2019:2043","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2020:0036","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2020:0100","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2020:0103","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2020:0179","source":"cve@mitre.org"},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1695","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.16","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3832-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3835-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3871-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3871-3/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3871-4/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3871-5/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3880-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3880-2/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2018/10/29/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/105761","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/106503","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0831","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2019:2029","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2019:2043","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2020:0036","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2020:0100","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2020:0103","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2020:0179","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1695","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.78","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb66ae030829605d61fbef1909ce310e29f78821","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3832-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3835-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3871-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3871-3/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3871-4/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3871-5/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3880-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3880-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}