BDU:2019-01061

Уязвимость функций connect() и close() ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.6) Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

References:

CVE-2018-14625

Published: 2018-09-10
Modified: 2024-11-21

CVE-2018-14625

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

Severity: MEDIUM (4.4) Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Package kernel-image-un-def update in c7.1 on 2018-12-17

ALT-PU-2018-2866-1

Closed vulnerabilities

BDU:2019-01061

CVE-2018-14625