Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.843885
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu Update for linux-hwe USN-3872-1
Zusammenfassung:The remote host is missing an update for the 'linux-hwe'; package(s) announced via the USN-3872-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'linux-hwe'
package(s) announced via the USN-3872-1 advisory.

Vulnerability Insight:
It was discovered that a race condition
existed in the vsock address family implementation of the Linux kernel that
could lead to a use-after-free condition. A local attacker in a guest virtual
machine could use this to expose sensitive information (host machine kernel memory).
(CVE-2018-14625)

Cfir Cohen discovered that a use-after-free vulnerability existed in the
KVM implementation of the Linux kernel, when handling interrupts in
environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)

Wei Wu discovered that the KVM implementation in the Linux kernel did not
properly ensure that ioapics were initialized. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-19407)

It was discovered that the crypto subsystem of the Linux kernel leaked
uninitialized memory to user space in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2018-19854)

Affected Software/OS:
linux-hwe on Ubuntu 18.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-14625
Common Vulnerability Exposure (CVE) ID: CVE-2018-16882
Common Vulnerability Exposure (CVE) ID: CVE-2018-19407
Common Vulnerability Exposure (CVE) ID: CVE-2018-19854
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.