Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-14625

Опубликовано: 10 сент. 2018
Источник: nvd
CVSS3: 5.3
CVSS3: 7
CVSS2: 4.4
EPSS Низкий

Описание

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 6%
0.00028
Низкий

5.3 Medium

CVSS3

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-416
CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2018-14625

CVSS3: 5.3
ubuntu
почти 7 лет назад

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

redhat логотип

CVE-2018-14625

CVSS3: 5.3
redhat
почти 7 лет назад

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

debian логотип

CVE-2018-14625

CVSS3: 5.3
debian
почти 7 лет назад

A flaw was found in the Linux Kernel where an attacker may be able to ...

github логотип

GHSA-jrcc-3vp8-hghg

CVSS3: 7
github
около 3 лет назад

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

fstec логотип

BDU:2019-01061

CVSS3: 7
fstec
почти 7 лет назад

Уязвимость функций connect() и close() ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 6%
0.00028
Низкий

5.3 Medium

CVSS3

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-416
CWE-362