Userspace Vulnerability in Linux Kernel by Canonical
CVE-2018-15572

6.5MEDIUM

Key Information:

Vendor
Debian
Status
Debian Linux
Vendor
CVE Published:
20 August 2018

Summary

The spectre_v2_select_mitigation function in the Linux kernel before version 4.18.1 fails to properly fill the Return Stack Buffer (RSB) during context switches. This oversight can be exploited by attackers to perform userspace-userspace Spectre RSB attacks, potentially compromising sensitive data across user processes. As systems become increasingly interconnected, this vulnerability illustrates the need for enhanced security measures in kernel operations and user isolation.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linu...
x_refsource_MISC
https://usn.ubuntu.com/3776-1/
vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3776-2/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.