CVE-2018-14625
CVE-2018-14625
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
10 sep 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Productos afectados
[UNKNOWN] · kernel¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2019:2029https://access.redhat.com/errata/RHSA-2019:2043https://access.redhat.com/errata/RHSA-2019:4154https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlhttps://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039https://usn.ubuntu.com/3871-1/https://usn.ubuntu.com/3871-3/https://usn.ubuntu.com/3871-4/https://usn.ubuntu.com/3871-5/https://usn.ubuntu.com/3872-1/https://usn.ubuntu.com/3878-1/