UbuntuUSN-3695-1Linux kernel vulnerabilities
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
57.8%
Releases
- Ubuntu 18.04 ESM
Packages
- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-azure - Linux kernel for Microsoft Azure Cloud systems
- linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm - Linux kernel for cloud environments
- linux-oem - Linux kernel for OEM processors
- linux-raspi2 - Linux kernel for Raspberry Pi 2
Details
Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)
It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly validate xattr sizes. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-1095)
Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)
It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | linux-image-4.15.0-1010-gcp | <Â 4.15.0-1010.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-gcp-headers-4.15.0-1010 | <Â 4.15.0-1010.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-gcp-tools-4.15.0-1010 | <Â 4.15.0-1010.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-gcp-tools-4.15.0-1010-dbgsym | <Â 4.15.0-1010.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-headers-4.15.0-1010-gcp | <Â 4.15.0-1010.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-image-4.15.0-1010-gcp-dbgsym | <Â 4.15.0-1010.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-modules-4.15.0-1010-gcp | <Â 4.15.0-1010.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-modules-extra-4.15.0-1010-gcp | <Â 4.15.0-1010.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-tools-4.15.0-1010-gcp | <Â 4.15.0-1010.10 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-image-4.15.0-1011-aws | <Â 4.15.0-1011.11 | UNKNOWN |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
57.8%