#VU14495 Information disclosure in Linux kernel - CVE-2018-15594

 


Published: August 20, 2018 / Updated: August 22, 2018


Vulnerability identifier: #VU14495
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-15594
CWE-ID: CWE-200
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows an adjacent attacker to conduct Spectre version 2 (Spectre-v2) attacks.

The vulnerability exists in the arch/x86/kernel/paravirt.c source code file due to improper handling of indirect calls to CALLEE_SAVE paravirtual functions. A remote attacker can access the system and execute an application that submits malicious input to access sensitive information, which could be used to conduct additional attacks. 


Remediation

Update to version 4.18.1.

External links