CVE-2018-14625
Description
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.
Risk Information
Base Score
7.0
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.064
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux hardware enablement (HWE) kernel (USN-3872-1) linux-image-4.18.0-14-generic_4.18.0-14.15~18.04.1_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3872-1) linux-image-4.18.0-14-generic_4.18.0-14.15~18.04.1_amd64.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3872-1) linux-image-4.18.0-14-lowlatency_4.18.0-14.15~18.04.1_i386.deb | Linux |
| Linux hardware enablement (HWE) kernel (USN-3872-1) linux-image-4.18.0-14-lowlatency_4.18.0-14.15~18.04.1_amd64.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-gcp_4.18.0.1006.6_amd64.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-gke_4.18.0.1006.6_amd64.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-kvm_4.18.0.1007.7_amd64.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-4.18.0-1006-gcp_4.18.0-1006.7_amd64.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-4.18.0-1007-kvm_4.18.0-1007.7_amd64.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-4.18.0-1008-aws_4.18.0-1008.10_amd64.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-4.18.0-14-generic_4.18.0-14.15_i386.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-4.18.0-14-generic_4.18.0-14.15_amd64.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-4.18.0-14-lowlatency_4.18.0-14.15_i386.deb | Linux |
| Linux kernel (USN-3878-1) linux-image-4.18.0-14-lowlatency_4.18.0-14.15_amd64.deb | Linux |
| Linux kernel for Microsoft Azure Cloud systems (USN-3878-2) linux-image-4.18.0-1008-azure_4.18.0-1008.8_amd64.deb | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update bpftool-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-abi-whitelists-3.10.0-1062.el7.noarch.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-debug-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-debug-devel-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-devel-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-doc-3.10.0-1062.el7.noarch.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-headers-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-tools-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-tools-libs-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update kernel-tools-libs-devel-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update perf-3.10.0-1062.el7.x86_64.rpm | Linux |
| (RHSA-2019:2029) kernel security, bug fix, and enhancement update python-perf-3.10.0-1062.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234