Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-3615 CVE-2018-3620 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Slackware Linux (Operating systems & Components / Operating system)
linux-4.4.153/kernel-headers (Operating systems & Components / Operating system package or component)
linux-4.4.153/kernel-modules (Operating systems & Components / Operating system package or component)
linux-4.4.153/kernel-huge (Operating systems & Components / Operating system package or component)
linux-4.4.153/kernel-generic (Operating systems & Components / Operating system package or component)
Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU14410
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-3615
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and Intel® Software Guard Extensions (Intel® SGX). A local attacker can conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache from an enclave.
Update the affected package kernel.
Vulnerable software versions
Slackware Linux: 14.2
linux-4.4.153/kernel-headers: All versions
linux-4.4.153/kernel-modules: All versions
linux-4.4.153/kernel-huge: All versions
linux-4.4.153/kernel-generic: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU14411
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-3620
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translation. A local attacker can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.
Update the affected package kernel.
Vulnerable software versions
Slackware Linux: 14.2
linux-4.4.153/kernel-headers: All versions
linux-4.4.153/kernel-modules: All versions
linux-4.4.153/kernel-huge: All versions
linux-4.4.153/kernel-generic: All versions
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.