Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3698-1
HistoryJul 02, 2018 - 12:00 a.m.

Linux kernel vulnerabilities

2018-07-0200:00:00
ubuntu.com
39

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

31.2%

JSON

Releases

  • Ubuntu 14.04 ESM

Packages

  • linux - Linux kernel

Details

It was discovered that the nested KVM implementation in the Linux kernel in
some situations did not properly prevent second level guests from reading
and writing the hardware CR8 register. A local attacker in a guest could
use this to cause a denial of service (system crash). (CVE-2017-12154)

Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array
implementation in the Linux kernel sometimes did not properly handle adding
a new entry. A local attacker could use this to cause a denial of service
(system crash). (CVE-2017-12193)

It was discovered that a race condition existed in the ALSA subsystem of
the Linux kernel when creating and deleting a port via ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-15265)

It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)

Julian Stecklina and Thomas Prescher discovered that FPU register states
(such as MMX, SSE, and AVX registers) which are lazily restored are
potentially vulnerable to a side channel attack. A local attacker could use
this to expose sensitive information. (CVE-2018-3665)

Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)

It was discovered that the SCTP Protocol implementation in the Linux kernel
did not properly validate userspace provided payload lengths in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2018-5803)

It was discovered that an integer overflow error existed in the futex
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)

It was discovered that a memory leak existed in the SAS driver subsystem of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2018-7757)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchlinux-image-3.13.0-153-generic< 3.13.0-153.203UNKNOWN
Ubuntu14.04noarchblock-modules-3.13.0-153-generic-di< 3.13.0-153.203UNKNOWN
Ubuntu14.04noarchcrypto-modules-3.13.0-153-generic-di< 3.13.0-153.203UNKNOWN
Ubuntu14.04noarchfat-modules-3.13.0-153-generic-di< 3.13.0-153.203UNKNOWN
Ubuntu14.04noarchfb-modules-3.13.0-153-generic-di< 3.13.0-153.203UNKNOWN
Ubuntu14.04noarchfirewire-core-modules-3.13.0-153-generic-di< 3.13.0-153.203UNKNOWN
Ubuntu14.04noarchfloppy-modules-3.13.0-153-generic-di< 3.13.0-153.203UNKNOWN
Ubuntu14.04noarchfs-core-modules-3.13.0-153-generic-di< 3.13.0-153.203UNKNOWN
Ubuntu14.04noarchfs-secondary-modules-3.13.0-153-generic-di< 3.13.0-153.203UNKNOWN
Ubuntu14.04noarchinput-modules-3.13.0-153-generic-di< 3.13.0-153.203UNKNOWN
Rows per page:
1-10 of 591

Related

openvas 37
ubuntu 3
nessus 60
altlinux 2
oraclelinux 4
ibm 1
fedora 4
prion 9
veracode 9
ubuntucve 8
virtuozzo 6
redhat 3
redhatcve 9
debiancve 9
cve 9
thn 2
f5 5
osv 4
amazon 2
alpinelinux 1
citrix 1
mskb 1
freebsd_advisory 1
lenovo 2
mscve 1
paloalto 1
xen 1
debian 1
zdt 1
intel 1
freebsd 1
openvas
openvas
Ubuntu: Security Advisory (USN-3698-2)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-3698-1)
2018-07-03 00:00:00
Ubuntu: Security Advisory (USN-3697-1)
2018-07-03 00:00:00
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2018-07-02 00:00:00
Linux kernel vulnerabilities
2018-07-02 00:00:00
Linux kernel (OEM) vulnerabilities
2018-07-02 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3698-1)
2018-07-03 00:00:00
Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3697-1)
2018-07-03 00:00:00
Ubuntu 16.04 LTS : Linux kernel (OEM) vulnerabilities (USN-3697-2)
2018-07-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-un-def version 1:4.1.46-alt0.M70P.1
2017-11-16 00:00:00
Security fix for the ALT Linux 7 package kernel-image-un-def version 1:4.1.44-alt0.M70P.1.1
2017-10-17 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-08-09 00:00:00
Unbreakable Enterprise kernel security update
2018-11-08 00:00:00
Unbreakable Enterprise kernel security update
2018-06-15 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:38:34
fedora
fedora
[SECURITY] Fedora 27 Update: kernel-4.15.8-300.fc27
2018-03-13 23:26:22
[SECURITY] Fedora 26 Update: kernel-4.13.11-200.fc26
2017-11-07 22:22:27
[SECURITY] Fedora 25 Update: kernel-4.13.11-100.fc25
2017-11-07 23:42:04
prion
prion
Design/Logic Flaw
2017-09-26 05:29:00
Design/Logic Flaw
2018-01-26 19:29:00
Code injection
2018-03-08 07:29:00
veracode
veracode
Authorization Bypass
2019-05-16 02:50:21
Denial Of Service (DoS)
2019-01-15 09:27:22
NULL Pointer Dereference
2019-05-16 02:13:54
ubuntucve
ubuntucve
CVE-2017-15265
2017-10-16 00:00:00
CVE-2017-12154
2017-09-26 00:00:00
CVE-2018-5750
2018-01-26 00:00:00
virtuozzo
virtuozzo
Kernel security update: CVE-2017-15265; new kernel 2.6.32-042stab126.1, Virtuozzo 6.0 Update 12 Hotfix 18 (6.0.12-3688)
2017-11-20 00:00:00
Kernel security update: CVE-2017-12193; Virtuozzo ReadyKernel patch 37.1 for Virtuozzo 7.0.0, 7.0.1, 7.0.3, 7.0.4, and 7.0.4 HF3
2017-11-10 00:00:00
Kernel security update: CVE-2017-15265; new kernel 2.6.32-042stab126.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2017-11-20 00:00:00
redhat
redhat
(RHSA-2018:3823) Moderate: kernel security and bug fix update
2018-12-12 14:22:12
(RHSA-2018:1944) Moderate: kernel-rt security update
2018-06-19 13:05:06
(RHSA-2018:1852) Moderate: kernel security update
2018-06-14 19:11:57
redhatcve
redhatcve
CVE-2017-12154
2017-09-13 11:48:51
CVE-2018-7755
2019-10-18 18:13:50
CVE-2017-15265
2017-10-13 12:19:21
debiancve
debiancve
CVE-2018-5750
2018-01-26 19:29:00
CVE-2018-7755
2018-03-08 07:29:00
CVE-2017-12193
2017-11-22 18:29:00
cve
cve
CVE-2018-5750
2018-01-26 19:29:00
CVE-2017-15265
2017-10-16 18:29:00
CVE-2017-12154
2017-09-26 05:29:00
thn
thn
Yet Another Linux Kernel Privilege-Escalation Bug Discovered
2017-10-16 04:02:00
New 'Lazy FP State Restore' Vulnerability Found in All Modern Intel CPUs
2018-06-14 07:59:00
f5
f5
K32616738 : Linux kernel vulnerability CVE-2017-15265
2018-08-28 00:00:00
K89434121 : Linux kernel vulnerability CVE-2017-12193
2018-01-29 00:00:00
K22503522 : Linux kernel vulnerability CVE-2018-7757
2018-06-21 00:00:00
osv
osv
CVE-2018-5750
2018-01-26 19:29:00
CVE-2018-6927
2018-02-12 19:29:01
xen - security update
2018-06-20 00:00:00
amazon
amazon
Low: kernel
2019-09-13 23:08:00
Low: kernel
2019-09-13 22:43:00
alpinelinux
alpinelinux
CVE-2018-7757
2018-03-08 14:29:00
citrix
citrix
CVE-2018-3665 - Citrix XenServer Security Update
2018-06-15 04:00:00
mskb
mskb
Description of the security update for the L1TF variant vulnerabilities in Windows Server 2008: August 14, 2018
2018-08-14 07:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-18:07.lazyfpu
2018-06-21 00:00:00
lenovo
lenovo
Lazy FP State Restore - Lenovo Support NL
2018-12-13 11:22:07
Lazy FP State Restore - US
2018-12-13 11:22:07
mscve
mscve
Microsoft Guidance for Lazy FP State Restore
2018-06-13 07:00:00
paloalto
paloalto
Information Disclosure in WildFire Appliance (WF-500)
2019-07-08 22:15:00
xen
xen
Speculative register leakage from lazy FPU context switching
2018-06-13 20:23:00
debian
debian
[SECURITY] [DSA 4232-1] xen security update
2018-06-20 07:02:39
zdt
zdt
Linux Kernel _sctp_make_chunk() Denial Of Service Vulnerability
2018-03-02 00:00:00
intel
intel
Lazy FP State Restore
2018-06-13 00:00:00
freebsd
freebsd
FreeBSD -- Lazy FPU State Restore Information Disclosure
2018-06-21 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

31.2%

JSON
Related for USN-3698-1
openvas37ubuntu3nessus60altlinux2oraclelinux4ibm1fedora4prion9veracode9ubuntucve8virtuozzo6redhat3redhatcve9debiancve9cve9thn2f55osv4amazon2alpinelinux1citrix1mskb1freebsd_advisory1lenovo2mscve1paloalto1xen1debian1zdt1intel1freebsd1