UbuntuUSN-3697-1Linux kernel vulnerabilities
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
31.2%
Releases
- Ubuntu 17.10
Packages
- linux - Linux kernel
- linux-raspi2 - Linux kernel for Raspberry Pi 2
Details
It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)
Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)
Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)
It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)
It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)
It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)
It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 17.10 | noarch | linux-image-generic | < 4.13.0.46.49 | UNKNOWN |
| Ubuntu | 17.10 | noarch | linux-image-generic-lpae | < 4.13.0.46.49 | UNKNOWN |
| Ubuntu | 17.10 | noarch | linux-image-4.13.0-1023-raspi2 | < 4.13.0-1023.24 | UNKNOWN |
| Ubuntu | 17.10 | noarch | linux-headers-4.13.0-1023-raspi2 | < 4.13.0-1023.24 | UNKNOWN |
| Ubuntu | 17.10 | noarch | linux-image-4.13.0-1023-raspi2-dbgsym | < 4.13.0-1023.24 | UNKNOWN |
| Ubuntu | 17.10 | noarch | linux-raspi2-headers-4.13.0-1023 | < 4.13.0-1023.24 | UNKNOWN |
| Ubuntu | 17.10 | noarch | linux-raspi2-tools-4.13.0-1023 | < 4.13.0-1023.24 | UNKNOWN |
| Ubuntu | 17.10 | noarch | linux-raspi2-tools-4.13.0-1023-dbgsym | < 4.13.0-1023.24 | UNKNOWN |
| Ubuntu | 17.10 | noarch | linux-tools-4.13.0-1023-raspi2 | < 4.13.0-1023.24 | UNKNOWN |
| Ubuntu | 17.10 | noarch | linux-image-4.13.0-46-generic | < 4.13.0-46.51 | UNKNOWN |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
31.2%