Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
392
VMScore

CVE-2018-14625

Published: 10/09/2018 Updated: 13/02/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Linux

Vulnerability Summary

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel -

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

debian debian linux 8.0

Vendor Advisories

Red Hat: Important: kernel-alt security, bug fix, and enhancement update
Synopsis Important: kernel-alt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel-alt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Amazon Linux 2: ALAS2-2019-1145
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usbc(CVE-2018-20169) A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest A race condition between connect() and close() function may allow a ...
Amazon Linux AMI: ALAS-2019-1145
The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usbc(CVE-2018-20169) A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest A race condition between connect() and close() function may allow a ...
Ubuntu Security Notice: linux regression
Multiple regressions were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-azure vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-hwe regression
USN-3878-1 introduced a regression in the Linux kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-azure vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-hwe vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2018-14625
A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory ...

References

CWE-416https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625https://usn.ubuntu.com/3872-1/https://usn.ubuntu.com/3871-1/https://usn.ubuntu.com/3878-1/https://usn.ubuntu.com/3871-4/https://usn.ubuntu.com/3871-3/https://usn.ubuntu.com/3878-2/https://usn.ubuntu.com/3871-5/https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlhttps://access.redhat.com/errata/RHSA-2019:2043https://access.redhat.com/errata/RHSA-2019:2029https://access.redhat.com/errata/RHSA-2019:4154https://access.redhat.com/errata/RHSA-2019:4154https://nvd.nist.govhttps://usn.ubuntu.com/3871-2/https://alas.aws.amazon.com/AL2/ALAS-2019-1145.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook