Executive Summary

Informations
Name CVE-2018-14625 First vendor Publication 2018-09-10
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 7
Base Score 7 Environmental Score 7
impact SubScore 5.9 Temporal Score 7
Exploitabality Sub Score 1
 
Attack Vector Local Attack Complexity High
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.4 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14625

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-416 Use After Free

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 4
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2019-01-14 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2019-1145.nasl - Type : ACT_GATHER_INFO
2019-01-10 Name : The remote Amazon Linux 2 host is missing a security update.
File : al2_ALAS-2019-1145.nasl - Type : ACT_GATHER_INFO
2019-01-03 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2018-2645eb8dab.nasl - Type : ACT_GATHER_INFO
2019-01-03 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2018-6e8c330d50.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625
MISC https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039
MLIST https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
REDHAT https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:4154
UBUNTU https://usn.ubuntu.com/3871-1/
https://usn.ubuntu.com/3871-3/
https://usn.ubuntu.com/3871-4/
https://usn.ubuntu.com/3871-5/
https://usn.ubuntu.com/3872-1/
https://usn.ubuntu.com/3878-1/
https://usn.ubuntu.com/3878-2/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
Date Informations
2023-02-13 09:27:43
  • Multiple Updates
2023-02-02 21:28:04
  • Multiple Updates
2021-05-04 13:09:24
  • Multiple Updates
2021-04-22 02:22:50
  • Multiple Updates
2020-05-23 01:07:42
  • Multiple Updates
2019-08-06 21:19:56
  • Multiple Updates
2019-05-11 05:18:40
  • Multiple Updates
2019-05-03 17:18:37
  • Multiple Updates
2019-03-05 21:19:18
  • Multiple Updates
2019-02-09 17:19:03
  • Multiple Updates
2019-02-05 17:19:24
  • Multiple Updates
2019-01-30 21:18:41
  • Multiple Updates
2018-11-16 21:19:40
  • Multiple Updates
2018-09-10 17:21:38
  • First insertion