CVE-2018-14625

CVSS v3.0 7 (High)

CVSS v2.0 4.4 (Medium)

EPSS 0.06 % (28^th)

Affected Products 3

Advisories 19

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

Weaknesses

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2018-09-10 13:29:00
(6 years ago)
Updated Date: 2023-02-13 04:51:40
(19 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Linux Kernel	cpe:2.3:o:linux:linux_kernel:-

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 18.10	cpe:2.3:o:canonical:ubuntu_linux:18.10

Configuration #3

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Weaknesses

Affected Products

Canonical

Debian

Linux

Configuration #1

Configuration #2

Configuration #3