A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "255622632361797097115773306345202848429", "207866867995120051277310976169313605973", "290166600378863595526580270753210573014", "317999058989095874985838863324132551046", "258106106354711310492834148269981971536", "115022362363228701739095974166226040694", "197232825218272715593862028288791434930" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@b71812168571fa55e44cdd0254471331b9c4c4c6", "signature_version": "v1", "id": "CVE-2018-1068-3698ddd3", "target": { "file": "net/bridge/netfilter/ebtables.c" }, "signature_type": "Line", "deprecated": false }, { "digest": { "length": 1077.0, "function_hash": "68040916467074564211321255042952810286" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@b71812168571fa55e44cdd0254471331b9c4c4c6", "signature_version": "v1", "id": "CVE-2018-1068-48667248", "target": { "file": "net/bridge/netfilter/ebtables.c", "function": "ebt_size_mwt" }, "signature_type": "Function", "deprecated": false }, { "digest": { "line_hashes": [ "255622632361797097115773306345202848429", "207866867995120051277310976169313605973", "290166600378863595526580270753210573014", "317999058989095874985838863324132551046", "258106106354711310492834148269981971536", "115022362363228701739095974166226040694", "197232825218272715593862028288791434930" ], "threshold": 0.9 }, "source": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6", "signature_version": "v1", "id": "CVE-2018-1068-591b9f71", "target": { "file": "net/bridge/netfilter/ebtables.c" }, "signature_type": "Line", "deprecated": false }, { "digest": { "length": 1077.0, "function_hash": "68040916467074564211321255042952810286" }, "source": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6", "signature_version": "v1", "id": "CVE-2018-1068-5dbaece2", "target": { "file": "net/bridge/netfilter/ebtables.c", "function": "ebt_size_mwt" }, "signature_type": "Function", "deprecated": false }, { "digest": { "length": 1778.0, "function_hash": "275264441965877635518307668970725812954" }, "source": "https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6", "signature_version": "v1", "id": "CVE-2018-1068-74bcf8e8", "target": { "file": "net/bridge/netfilter/ebtables.c", "function": "size_entry_mwt" }, "signature_type": "Function", "deprecated": false }, { "digest": { "length": 1778.0, "function_hash": "275264441965877635518307668970725812954" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@b71812168571fa55e44cdd0254471331b9c4c4c6", "signature_version": "v1", "id": "CVE-2018-1068-c65f7165", "target": { "file": "net/bridge/netfilter/ebtables.c", "function": "size_entry_mwt" }, "signature_type": "Function", "deprecated": false } ] }