PT-2018-2586 · Linux+5 · Linux Kernel+5

Syzbot

Published

2018-09-09

Updated

2023-02-13

CVE-2018-14625

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description The issue is related to a flaw in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between the connect() and close() functions may allow an attacker using the AF VSOCK protocol to gather a 4-byte information leak or possibly intercept or corrupt AF VSOCK messages destined to other clients.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-362

Related Identifiers

ALT-PU-2018-2835

ALT-PU-2018-2842

ALT-PU-2018-2843

ALT-PU-2018-2844

BDU:2019-01061

CESA-2019_2029

CVE-2018-14625

DLA-1771-1

MGASA-2018-0487

MGASA-2019-0098

MGASA-2019-0171

OPENSUSE-SU-2019:0065-1

OPENSUSE-SU-2019_0065-1

RHSA-2019:2029

RHSA-2019:2043

RHSA-2019:4154

RHSA-2019_2029

RHSA-2019_2043

SUSE-SU-2019:0150-1

SUSE-SU-2019:0196-1

SUSE-SU-2019:0222-1

SUSE-SU-2019:0224-1

USN-3871-1

USN-3871-2

USN-3871-3

USN-3871-4

USN-3871-5

USN-3872-1

USN-3878-1

USN-3878-2

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2018-2586 · Linux+5 · Linux Kernel+5

CVE-2018-14625

Weakness Enumeration

Related Identifiers

Affected Products

References · 432