PT-2018-14563 · Linux+1 · Linux Kernel+1

Daniel Dadap · Published 2018-10-25 · Updated 2019-10-03 · CVE-2018-18653

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions used in Ubuntu 18.10

Description: The issue allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs due to a modified kernel/module.c, in conjunction with certain configuration options, leading to mishandling of the result of signature verification.

Recommendations: For Ubuntu 18.10, consider disabling UEFI Secure Boot or restricting the loading of kernel modules until a patch is available.

Exploit

Fix

Improper Verification of Cryptographic Signature


Weakness Enumeration

Related Identifiers

CVE-2018-18653
USN-3832-1
USN-3835-1

Affected Products

Linux Kernel
Ubuntu