Vulnerability identifier: #VU14495

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15594

CWE-ID: CWE-200

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows an adjacent attacker to conduct Spectre version 2 (Spectre-v2) attacks.

The vulnerability exists in the arch/x86/kernel/paravirt.c source code file due to improper handling of indirect calls to CALLEE_SAVE paravirtual functions. A remote attacker can access the system and execute an application that submits malicious input to access sensitive information, which could be used to conduct additional attacks. 

Mitigation
Update to version 4.18.1.

Vulnerable software versions

Linux kernel: 4.17 - 4.17.18, 4.16 - 4.16.18, 4.4.150 - 4.4.151, 4.15.0 - 4.15.18

---

External links
http://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.