Lucene search

K
ubuntuUbuntuUSN-3641-1
HistoryMay 08, 2018 - 12:00 a.m.

Linux kernel vulnerabilities

2018-05-0800:00:00
ubuntu.com
64

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

31.1%

Releases

  • Ubuntu 17.10
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-euclid - Linux kernel for Intel Euclid systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe - Linux hardware enablement (HWE) kernel
  • linux-kvm - Linux kernel for cloud environments
  • linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
  • linux-oem - Linux kernel for OEM processors
  • linux-raspi2 - Linux kernel for Raspberry Pi 2
  • linux-snapdragon - Linux kernel for Snapdragon processors

Details

Nick Peterson discovered that the Linux kernel did not
properly handle debug exceptions following a MOV/POP to SS
instruction. A local attacker could use this to cause a denial
of service (system crash). This issue only affected the amd64
architecture. (CVE-2018-8897)

Andy Lutomirski discovered that the KVM subsystem of the Linux kernel
did not properly emulate the ICEBP instruction following a MOV/POP
to SS instruction. A local attacker in a KVM virtual machine could
use this to cause a denial of service (guest VM crash) or possibly
escalate privileges inside of the virtual machine. This issue only
affected the i386 and amd64 architectures. (CVE-2018-1087)

Andy Lutomirski discovered that the Linux kernel did not properly
perform error handling on virtualized debug registers. A local
attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2018-1000199)

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

31.1%