2.5 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.6 Low
AI Score
Confidence
Low
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%
USN-4006-1 fixed a vulnerability in the Linux kernel for Ubuntu 18.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.
Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.
As a hardening measure, this update disables a.out support.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 18.04 | noarch | linux-image-4.18.0-21-generic | < 4.18.0-21.22~18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | kernel-signed-image-4.18.0-21-generic-di | < 4.18.0-21.22~18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.18.0-21-generic-dbgsym | < 4.18.0-21.22~18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.18.0-21-lowlatency | < 4.18.0-21.22~18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.18.0-21-lowlatency-dbgsym | < 4.18.0-21.22~18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.18.0-21-generic-lpae | < 4.18.0-21.22~18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | block-modules-4.18.0-21-generic-di | < 4.18.0-21.22~18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | crypto-modules-4.18.0-21-generic-di | < 4.18.0-21.22~18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | fat-modules-4.18.0-21-generic-di | < 4.18.0-21.22~18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | fb-modules-4.18.0-21-generic-di | < 4.18.0-21.22~18.04.1 | UNKNOWN |
2.5 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.6 Low
AI Score
Confidence
Low
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.2%