Sunday, May 25, 2025
HomeSecurity News8-year-old Critical Privilege Escalation Vulnerability Found in the Latest Linux Kernel Version

8-year-old Critical Privilege Escalation Vulnerability Found in the Latest Linux Kernel Version

Published on

SIEM as a Service

Follow Us on Google News

The 8-year-old privilege escalation vulnerability allows a local user with access to the vulnerable privileged driver can escalate the privileges to read from and write to sensitive kernel memory.

It is actually an eight-year-old vulnerability and can be used in latest kernel version (4.16-rc3) for escalating privileges.

According to checkpoint researchers, the vulnerability(CVE-2018-8781) resides in the is in the internal mmap() defined in the fb_helper file operations of the “udl” driver of “DisplayLink”.

- Advertisement - Google News

The prototype of the mmap() function from user-space there is plenty of fields an attacker can use to trigger integer overflow vulnerability.

Also Read Linux Exploit Suggester – A Kali Linux Tool to Find the Linux OS Kernel Exploits

The Vulnerability(CVE-2018-8781) receives the cvss score 7.8 and declared as critical. It affects the function udl_fb_mmap of the file drivers/gpu/drm/udl/udl_fb.c of the component udldrmfb Driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. It impacts from Linux kernel version 3.4 up to 4.15.

How the8-year-old privilege escalation vulnerability spotted

To check the vulnerability researchers used an Ubuntu 64-bit virtual machine and uploaded a simulated vulnerable driver. With their, each tests driver’s mmap() handler contained the implementation to check.

The user-mode code performed 2 consecutive calls to mmap() on the vulnerable driver:

length = 0x1000, offset = 0x0 -> sanity check
length = 0x1000, offset = 0xFFFFFFFFFFFFFFFF – 0x1000 + 1 -> vulnerability check

When setting the buffer’s address at the page-aligned physical address of the kernel’s /dev/urandom implementation, the output (in both cases) was the expected result:

The correct physical page: 0x1531000
The previous physical page: 0x1530000

While the vulnerability was found employing a straightforward search, it absolutely was introduced to the kernel eight years agone. This reality will teach us that even on a preferred open supply project because the UNIX operating system Kernel, you may invariably hope to seek out vulnerabilities concluded checkpoint researchers.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Phishing Campaign Uses Blob URLs to Bypass Email Security and Avoid Detection

Cybersecurity researchers at Cofense Intelligence have identified a sophisticated phishing tactic leveraging Blob URIs...

UK Government to Shift Away from Passwords in New Security Move

UK government has unveiled plans to implement passkey technology across its digital services later...

New Spam Campaign Leverages Remote Monitoring Tools to Exploit Organizations

A sophisticated spam campaign targeting Portuguese-speaking users in Brazil has been uncovered by Cisco...