QwikSec

Security Database

CVE

CWE

Training

CVE-2018-14625

Published: Sep 10, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

5.3

MEDIUM

Description

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

Vendor	Product	Versions
[UNKNOWN]	kernel	affected `n/a`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.