Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2018-19854

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 04 Π΄Π΅ΠΊ. 2018
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS2: 1.9
CVSS3: 4.7

ОписаниС

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.15.0-46.49
cosmic

released

4.18.0-14.15
devel

not-affected

4.19.0-12.13
esm-infra-legacy/trusty

not-affected

3.11.0-12.19
esm-infra-legacy/xenial

not-affected

4.2.0-16.19
esm-infra/bionic

released

4.15.0-46.49
esm-infra/xenial

not-affected

4.2.0-16.19
precise/esm

ignored

end of life, was needs-triage
trusty

not-affected

3.11.0-12.19
trusty/esm

not-affected

3.11.0-12.19

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.15.0-1033.35
cosmic

released

4.18.0-1008.10
devel

not-affected

4.18.0-1008.10
esm-infra-legacy/trusty

not-affected

4.4.0-1002.2
esm-infra-legacy/xenial

not-affected

4.4.0-1001.10
esm-infra/bionic

released

4.15.0-1033.35
esm-infra/xenial

not-affected

4.4.0-1001.10
precise/esm

DNE

trusty

not-affected

4.4.0-1002.2
trusty/esm

not-affected

4.4.0-1002.2

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

released

4.15.0-1033.35~16.04.1
esm-infra/xenial

released

4.15.0-1033.35~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc3

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.18.0-1011.11~18.04.1
cosmic

released

4.18.0-1008.8
devel

not-affected

4.18.0-1008.8
esm-infra-legacy/trusty

released

4.15.0-1040.44~14.04.1
esm-infra-legacy/xenial

released

4.15.0-1040.44
esm-infra/bionic

released

4.18.0-1011.11~18.04.1
esm-infra/xenial

released

4.15.0-1040.44
precise/esm

DNE

trusty

released

4.15.0-1040.44~14.04.1
trusty/esm

released

4.15.0-1040.44~14.04.1

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.18.0-1011.11~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.18.0-1011.11~18.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc3
xenial

released

4.15.0-1040.44

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc3

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc3

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.15.0-1028.29
cosmic

released

4.18.0-1006.7
devel

not-affected

4.18.0-1006.7
esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

released

4.15.0-1028.29~16.04.1
esm-infra/bionic

released

4.15.0-1028.29
esm-infra/xenial

released

4.15.0-1028.29~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.18.0-1006.7~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.18.0-1006.7~18.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc3
xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc3
xenial

ignored

end of standard support

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc3

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc3
xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.18.0-14.15~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

released

4.15.0-46.49~16.04.1
esm-infra/bionic

released

4.18.0-14.15~18.04.1
esm-infra/xenial

released

4.15.0-46.49~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

not-affected

5.0.0-8.9~18.04.1
cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

released

4.15.0-46.49~16.04.1
esm-infra/bionic

not-affected

5.0.0-8.9~18.04.1
esm-infra/xenial

released

4.15.0-46.49~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.15.0-1030.30
cosmic

released

4.18.0-1007.7
devel

not-affected

4.18.0-1007.7
esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

not-affected

4.4.0-1004.9
esm-infra/bionic

released

4.15.0-1030.30
esm-infra/xenial

not-affected

4.4.0-1004.9
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

precise/esm

ignored

end of life, was needs-triage
trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc3
xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.20~rc3
xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.20~rc3
xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [end of standard support]
upstream

released

4.20~rc3
xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

not-affected

4.4.0-13.29~14.04.1
precise/esm

DNE

trusty

not-affected

4.4.0-13.29~14.04.1
trusty/esm

not-affected

4.4.0-13.29~14.04.1
upstream

released

4.20~rc3
xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc3
xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-apps-legacy/xenial

DNE

esm-apps/xenial

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc3

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

trusty was ignored [abandoned]
upstream

released

4.20~rc3
xenial

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.15.0-1034.39
cosmic

released

4.15.0-1034.39
devel

not-affected

4.15.0-1034.39
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

4.15.0-1034.39
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc3
xenial

ignored

end of standard support, was needs-triage

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.15.0-1009.11
cosmic

not-affected

devel

not-affected

4.15.0-1009.11
esm-infra-legacy/trusty

DNE

esm-infra-legacy/xenial

released

4.15.0-1009.11~16.04.1
esm-infra/bionic

released

4.15.0-1009.11
esm-infra/xenial

released

4.15.0-1009.11~16.04.1
precise/esm

DNE

trusty

DNE

trusty/esm

DNE

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

released

4.15.0-1032.34
cosmic

released

4.18.0-1009.11
devel

not-affected

4.18.0-1009.11
esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc3
xenial

not-affected

4.2.0-1013.19

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
bionic

not-affected

cosmic

DNE

devel

not-affected

esm-infra-legacy/trusty

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

4.20~rc3
xenial

not-affected

4.4.0-1012.12

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 34%
0.00433
Низкий

1.9 Low

CVSS2

4.7 Medium

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2018-19854

CVSS3: 3.3
redhat
большС 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2018-19854

CVSS3: 4.7
nvd
большС 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2018-19854

CVSS3: 4.7
debian
большС 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An issue was discovered in the Linux kernel before 4.19.3. crypto_repo ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-328v-h46x-hhhx

CVSS3: 4.7
github
ΠΎΠΊΠΎΠ»ΠΎ 4 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).

fstec Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

BDU:2019-01062

CVSS3: 4.7
fstec
большС 7 Π»Π΅Ρ‚ Π½Π°Π·Π°Π΄

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΈ crypto_report_one() ядра ΠΎΠΏΠ΅Ρ€Π°Ρ†ΠΈΠΎΠ½Π½ΠΎΠΉ систСмы Linux, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ ΠΏΠΎΠ»ΡƒΡ‡ΠΈΡ‚ΡŒ нСсанкционированный доступ ΠΊ Π·Π°Ρ‰ΠΈΡ‰Π°Π΅ΠΌΠΎΠΉ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 34%
0.00433
Низкий

1.9 Low

CVSS2

4.7 Medium

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2018-19854