CVE-2018-17182

HIGH

Linux kernel <4.18.8 - Use After Free

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2018-17182. PoCs published by Google Security Research, jas502n, codecat007.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in the Linux kernel's VMA cache implementation (CVE-2018-17182) to achieve local privilege escalation. The PoC manipulates sequence numbers to trigger a stale VMA cache entry, leading to arbitrary memory access and ultimately a root shell.

Description

An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Google Security Research · textlocallinux
https://www.exploit-db.com/exploits/45497

This exploit leverages a use-after-free vulnerability in the Linux kernel's VMA cache implementation (CVE-2018-17182) to achieve local privilege escalation. The PoC manipulates sequence numbers to trigger a stale VMA cache entry, leading to arbitrary memory access and ultimately a root shell.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux kernel versions 3.15 to 4.19 (specifically tested on 4.15.0-34-generic)
No auth needed
Prerequisites: Local access to a vulnerable Linux system · Kernel configured with CONFIG_DEBUG_VM_VMACACHE (for debugging)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 131 stars
by jas502n · poc
https://github.com/jas502n/CVE-2018-17182

This repository contains a working proof-of-concept exploit for CVE-2018-17182, a use-after-free (UAF) vulnerability in the Linux kernel's VMA cache. The exploit targets Ubuntu 18.04 with kernel version 4.15.0-34-generic and can take 40 minutes to an hour to achieve root shell access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux kernel versions 3.16 to 4.18.8
No auth needed
Prerequisites: Linux kernel version 3.16 to 4.18.8 · Local user access
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/kernel/EXP-CVE-2018-17182

This repository contains a functional exploit for CVE-2018-17182, a Linux kernel VMA-UAF vulnerability. The exploit demonstrates privilege escalation by leveraging a use-after-free bug in the VMA cache, leading to root access on vulnerable systems.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux kernel versions 3.16 to 4.18.8
No auth needed
Prerequisites: Linux kernel version 3.16 to 4.18.8 · Compilation environment · Approximately 40 minutes to 1 hour for execution
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC 1 stars
by likekabin · poc
https://github.com/likekabin/vmacache_CVE-2018-17182

This repository contains a working local privilege escalation (LPE) exploit for CVE-2018-17182, targeting a use-after-free vulnerability in the Linux kernel's VMA cache. The exploit manipulates memory mappings and sequence numbers to achieve root access on vulnerable systems.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux kernel versions before 4.18.9, 4.14.71, 4.9.128, and 4.4.157
No auth needed
Prerequisites: Vulnerable Linux kernel version · Local access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by jedai47 · poc
https://github.com/jedai47/cve-2018-17182

This PoC exploits a use-after-free (UAF) vulnerability in the Linux kernel (CVE-2018-17182) by manipulating memory mappings and mmap sequences to achieve local privilege escalation. It uses prctl and mmap operations to trigger the vulnerability and gain control over freed memory regions.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux kernel (versions affected by CVE-2018-17182)
No auth needed
Prerequisites: Local access to the target system · Kernel version vulnerable to CVE-2018-17182
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by likekabin · poc
https://github.com/likekabin/CVE-2018-17182

This repository contains a working proof-of-concept exploit for CVE-2018-17182, a Linux kernel VMA-UAF vulnerability. The exploit targets the Linux kernel's memory management subsystem, specifically the VMA cache, to achieve local privilege escalation (LPE) to root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Linux kernel versions 3.16 to 4.18.8
No auth needed
Prerequisites: Local access to a vulnerable Linux system · Kernel version between 3.16 and 4.18.8
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (16)

Core 16
Core References
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3776-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3776-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3777-1/
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
Patch, Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190204-0001/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3656
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4308
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105417
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45497/
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2018/09/18/4
Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041748
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3777-2/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106503
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3777-3/

Scores

CVSS v3 7.8
EPSS 0.0851
EPSS Percentile 92.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (8)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
debian/debian_linux 8.0
debian/debian_linux 9.0
linux/linux_kernel 3.16 - 3.16.58
netapp/active_iq_performance_analytics_services
netapp/element_software
Published Sep 19, 2018
Tracked Since Feb 18, 2026