Main Vulnerability Database SB2018082039

SB2018082039 - Input validation error in Linux kernel kernel cpu

Published: August 20, 2018

Security Bulletin ID SB2018082039

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2018-15572)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the spectre_v2_parse_cmdline() and pr_info() functions in arch/x86/kernel/cpu/bugs.c. A local user can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf82a7856b32d905c39afc85e34364491e46346
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1
https://github.com/torvalds/linux/commit/fdf82a7856b32d905c39afc85e34364491e46346
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://usn.ubuntu.com/3775-1/
https://usn.ubuntu.com/3775-2/
https://usn.ubuntu.com/3776-1/
https://usn.ubuntu.com/3776-2/
https://usn.ubuntu.com/3777-1/
https://usn.ubuntu.com/3777-2/
https://usn.ubuntu.com/3777-3/
https://www.debian.org/security/2018/dsa-4308