Linux kernel is vulnerable to remote code execution (RCE) attacks. This exists in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap()
function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
access.redhat.com/articles/3553061
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
access.redhat.com/errata/RHSA-2018:2948
access.redhat.com/errata/RHSA-2018:3083
access.redhat.com/errata/RHSA-2018:3096
access.redhat.com/security/cve/CVE-2017-18360
access.redhat.com/security/cve/CVE-2018-18690
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1322930
bugzilla.redhat.com/show_bug.cgi?id=1488484
bugzilla.redhat.com/show_bug.cgi?id=1504058
bugzilla.redhat.com/show_bug.cgi?id=1507027
bugzilla.redhat.com/show_bug.cgi?id=1542494
bugzilla.redhat.com/show_bug.cgi?id=1557434
bugzilla.redhat.com/show_bug.cgi?id=1557599
bugzilla.redhat.com/show_bug.cgi?id=1558328
bugzilla.redhat.com/show_bug.cgi?id=1561162
bugzilla.redhat.com/show_bug.cgi?id=1563697
bugzilla.redhat.com/show_bug.cgi?id=1564186
bugzilla.redhat.com/show_bug.cgi?id=1568167
bugzilla.redhat.com/show_bug.cgi?id=1572983
bugzilla.redhat.com/show_bug.cgi?id=1584775
bugzilla.redhat.com/show_bug.cgi?id=1592654
bugzilla.redhat.com/show_bug.cgi?id=1609717
lists.debian.org/debian-lts-announce/2018/05/msg00000.html
patchwork.freedesktop.org/patch/211845/
research.checkpoint.com/mmap-vulnerabilities-linux-kernel/
usn.ubuntu.com/3654-1/
usn.ubuntu.com/3654-2/
usn.ubuntu.com/3656-1/
usn.ubuntu.com/3674-1/
usn.ubuntu.com/3674-2/
usn.ubuntu.com/3677-1/
usn.ubuntu.com/3677-2/
www.debian.org/security/2018/dsa-4187
www.debian.org/security/2018/dsa-4188