CVSS3: 7.1 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score: 7.9 High (Confidence: High)

CVSS2: 7.1 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

EPSS: 0.002 Low (Percentile: 64.5%)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly ensure that xattr information remained in inode
bodies. An attacker could use this to construct a malicious ext4 image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-10880)

It was discovered that the alarmtimer implementation in the Linux kernel
contained an integer overflow vulnerability. A local attacker could use
this to cause a denial of service. (CVE-2018-13053)

Wen Xu discovered that the f2fs filesystem implementation in the Linux
kernel did not properly validate metadata. An attacker could use this to
construct a malicious f2fs image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13096)

Wen Xu and Po-Ning Tseng discovered that the btrfs filesystem
implementation in the Linux kernel did not properly handle relocations in
some situations. An attacker could use this to construct a malicious btrfs
image that, when mounted, could cause a denial of service (system crash).
(CVE-2018-14609)

Wen Xu discovered that the HFS+ filesystem implementation in the Linux
kernel did not properly handle malformed catalog data in some situations.
An attacker could use this to construct a malicious HFS+ image that, when
mounted, could cause a denial of service (system crash). (CVE-2018-14617)

Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)

It was discovered that the KVM implementation in the Linux kernel on ARM
64bit processors did not properly handle some ioctls. An attacker with the
privilege to create KVM-based virtual machines could use this to cause a
denial of service (host system crash) or execute arbitrary code in the
host. (CVE-2018-18021)

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | linux-image-4.4.0-1037-kvm | < 4.4.0-1037.43 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-cloud-tools-4.4.0-1037-kvm | < 4.4.0-1037.43 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-headers-4.4.0-1037-kvm | < 4.4.0-1037.43 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-image-4.4.0-1037-kvm-dbgsym | < 4.4.0-1037.43 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-cloud-tools-4.4.0-1037 | < 4.4.0-1037.43 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-cloud-tools-4.4.0-1037-dbgsym | < 4.4.0-1037.43 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-headers-4.4.0-1037 | < 4.4.0-1037.43 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-tools-4.4.0-1037 | < 4.4.0-1037.43 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-tools-4.4.0-1037-dbgsym | < 4.4.0-1037.43 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-tools-4.4.0-1037-kvm | < 4.4.0-1037.43 | UNKNOWN |
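
A way to check a host's package inventory against the table above, as an added example that is not part of the advisory. It compares versions with dpkg's ordering rules rather than as plain strings; the function names and the sample inventory lines are constructed for illustration, and the package names and fixed version are taken from the table.

```python
import re

FIXED = "4.4.0-1037.43"  # fixed version from the advisory's package table
AFFECTED = {  # package names from the same table
    "linux-image-4.4.0-1037-kvm", "linux-cloud-tools-4.4.0-1037-kvm",
    "linux-headers-4.4.0-1037-kvm", "linux-image-4.4.0-1037-kvm-dbgsym",
    "linux-kvm-cloud-tools-4.4.0-1037", "linux-kvm-cloud-tools-4.4.0-1037-dbgsym",
    "linux-kvm-headers-4.4.0-1037", "linux-kvm-tools-4.4.0-1037",
    "linux-kvm-tools-4.4.0-1037-dbgsym", "linux-tools-4.4.0-1037-kvm",
}
# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = ["linux-image-4.4.0-1037-kvm 4.4.0-1037.42", "openssl 1.0.2g-1ubuntu4.13",
          "linux-kvm-tools-4.4.0-1037 4.4.0-1037.100",
          "linux-headers-4.4.0-1037-kvm 4.4.0-1037.43~rc1"]

def _order(c):  # dpkg weight: '~' lowest, then end/digit, letters, other symbols
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):  # compare one upstream or revision string as dpkg does
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character weights position by position.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa, ob = _order(a[i:i + 1]), _order(b[j:j + 1])
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically, so 100 sorts after 43.
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def deb_compare(v1, v2):  # -1, 0 or 1 for [epoch:]upstream[-revision] strings
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def vulnerable(lines):  # listed packages whose installed version is below FIXED
    rows = (l.split() for l in lines)
    return [tuple(r) for r in rows if len(r) == 2 and r[0] in AFFECTED
            and deb_compare(r[1], FIXED) < 0]
```

The listed package names embed the kernel ABI (4.4.0-1037), so this only matches hosts that have exactly those packages installed; `uname -r` shows which kernel is actually running.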