7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5.5 Medium
AI Score
Confidence
Low
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
43.5%
USN-3836-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
Jann Horn discovered that the Linux kernel mishandles mapping UID or GID
ranges inside nested user namespaces in some situations. A local attacker
could use this to bypass access controls on resources outside the
namespace. (CVE-2018-18955)
Philipp Wendler discovered that the overlayfs implementation in the Linux
kernel did not properly verify the directory contents permissions from
within a unprivileged user namespace. A local attacker could use this to
expose sensitive information (protected file names). (CVE-2018-6559)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | linux-image-4.15.0-42-generic | < 4.15.0-42.45~16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | block-modules-4.15.0-42-generic-di | < 4.15.0-42.45~16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | crypto-modules-4.15.0-42-generic-di | < 4.15.0-42.45~16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | fat-modules-4.15.0-42-generic-di | < 4.15.0-42.45~16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | fb-modules-4.15.0-42-generic-di | < 4.15.0-42.45~16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | firewire-core-modules-4.15.0-42-generic-di | < 4.15.0-42.45~16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | floppy-modules-4.15.0-42-generic-di | < 4.15.0-42.45~16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | fs-core-modules-4.15.0-42-generic-di | < 4.15.0-42.45~16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | fs-secondary-modules-4.15.0-42-generic-di | < 4.15.0-42.45~16.04.1 | UNKNOWN |
Ubuntu | 16.04 | noarch | input-modules-4.15.0-42-generic-di | < 4.15.0-42.45~16.04.1 | UNKNOWN |
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5.5 Medium
AI Score
Confidence
Low
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
43.5%