Information disclosure in Linux Kernel

Published: 2018-05-16 12:13:30
Severity: Low
Patch available: NO
Number of vulnerabilities: 1
CVE ID: CVE-2018-1118
CVSSv3: 5.1 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CWE ID: CWE-665
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: Linux kernel
Vulnerable software versions: Linux kernel 4.8.0, Linux kernel 4.8.1, Linux kernel 4.8.2
Vendor URL: Linux Foundation

Security Advisory

1) Improper initialization

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in the vhost_new_msg() function in vhost/vhost.c: memory in messages that are passed between virtual guests and the host operating system is not properly initialized. A local attacker who can read from the /dev/vhost-net device file can obtain sensitive kernel memory contents.
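
Added example, not code from this advisory or from the Linux kernel: a user-space C model of the bug class described above (CWE-665), showing a message object that is only partly filled in before being copied out, next to a version that zeroes the object first. The struct layout, the STALE marker and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical message layout (assumption), not the kernel's own struct. */
struct msg {
    uint32_t type;   /* always set by the producer */
    uint8_t  op;     /* always set; compiler padding follows */
    uint64_t addr;   /* left unset for this message type */
    uint64_t len;    /* left unset for this message type */
};

#define STALE 0xA5          /* constructed marker for a previous user's data */
static struct msg slab;     /* models one reused allocator object */
static struct msg *alloc_dirty(void) {
    memset(&slab, STALE, sizeof slab);   /* memory arrives with old contents */
    return &slab;
}

/* Before: only the fields this message needs are written. */
struct msg *new_msg_unsafe(uint32_t type) {
    struct msg *m = alloc_dirty();
    m->type = type;
    m->op = 1;
    return m;
}

/* After: zero the whole object, padding included, then fill it in. */
struct msg *new_msg_zeroed(uint32_t type) {
    struct msg *m = alloc_dirty();
    memset(m, 0, sizeof *m);
    m->type = type;
    m->op = 1;
    return m;
}

/* Copy the whole object out, as a read handler would; count stale bytes. */
size_t stale_bytes_exposed(const struct msg *m, unsigned char *out) {
    size_t n = 0;
    memcpy(out, m, sizeof *m);
    for (size_t i = 0; i < sizeof *m; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void) {
    unsigned char out[sizeof(struct msg)];
    printf("unsafe: %zu stale bytes\n", stale_bytes_exposed(new_msg_unsafe(1), out));
    printf("zeroed: %zu stale bytes\n", stale_bytes_exposed(new_msg_zeroed(1), out));
}
```

In the unsafe variant the unset fields and the padding after `op` still hold the previous contents when the full `sizeof` is copied to the reader, which is why the whole object is zeroed rather than only its named fields.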

Remediation

Cybersecurity is currently unaware of any solutions addressing the vulnerability.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118
