CVE-2018-14625
CVE-2018-14625
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
10 set 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Produtos afetados
[UNKNOWN] · kernelQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2019:2029https://access.redhat.com/errata/RHSA-2019:2043https://access.redhat.com/errata/RHSA-2019:4154https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlhttps://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039https://usn.ubuntu.com/3871-1/https://usn.ubuntu.com/3871-3/https://usn.ubuntu.com/3871-4/https://usn.ubuntu.com/3871-5/https://usn.ubuntu.com/3872-1/https://usn.ubuntu.com/3878-1/