7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
31.2%
It was discovered that the nested KVM implementation in the Linux kernel in
some situations did not properly prevent second level guests from reading
and writing the hardware CR8 register. A local attacker in a guest could
use this to cause a denial of service (system crash). (CVE-2017-12154)
Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)
It was discovered that a race condition existed in the ALSA subsystem of
the Linux kernel when creating and deleting a port via ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15265)
It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)
Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)
Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)
It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)
It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)
It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)
It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | linux-image-3.13.0-153-generic | < 3.13.0-153.203 | UNKNOWN |
Ubuntu | 14.04 | noarch | block-modules-3.13.0-153-generic-di | < 3.13.0-153.203 | UNKNOWN |
Ubuntu | 14.04 | noarch | crypto-modules-3.13.0-153-generic-di | < 3.13.0-153.203 | UNKNOWN |
Ubuntu | 14.04 | noarch | fat-modules-3.13.0-153-generic-di | < 3.13.0-153.203 | UNKNOWN |
Ubuntu | 14.04 | noarch | fb-modules-3.13.0-153-generic-di | < 3.13.0-153.203 | UNKNOWN |
Ubuntu | 14.04 | noarch | firewire-core-modules-3.13.0-153-generic-di | < 3.13.0-153.203 | UNKNOWN |
Ubuntu | 14.04 | noarch | floppy-modules-3.13.0-153-generic-di | < 3.13.0-153.203 | UNKNOWN |
Ubuntu | 14.04 | noarch | fs-core-modules-3.13.0-153-generic-di | < 3.13.0-153.203 | UNKNOWN |
Ubuntu | 14.04 | noarch | fs-secondary-modules-3.13.0-153-generic-di | < 3.13.0-153.203 | UNKNOWN |
Ubuntu | 14.04 | noarch | input-modules-3.13.0-153-generic-di | < 3.13.0-153.203 | UNKNOWN |
ubuntu.com/security/CVE-2017-12154
ubuntu.com/security/CVE-2017-12193
ubuntu.com/security/CVE-2017-15265
ubuntu.com/security/CVE-2018-1130
ubuntu.com/security/CVE-2018-3665
ubuntu.com/security/CVE-2018-5750
ubuntu.com/security/CVE-2018-5803
ubuntu.com/security/CVE-2018-6927
ubuntu.com/security/CVE-2018-7755
ubuntu.com/security/CVE-2018-7757
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
31.2%