Linux Kernel Vulnerability in Paravirtual Guests
CVE-2018-15594

5.5MEDIUM

Key Information:

Vendor
Debian
Status
Debian Linux
Vendor
CVE Published:
20 August 2018

Summary

The Linux kernel prior to version 4.18.1 contains a flaw in the handling of certain indirect calls within arch/x86/kernel/paravirt.c. This vulnerability may enable attackers to launch Spectre-v2 attacks against paravirtualized guests, potentially compromising the confidentiality of sensitive information. Remediation measures should be enacted promptly to mitigate exploitation risks.

References

https://usn.ubuntu.com/3776-1/
vendor-advisoryx_refsource_UBUNTU
https://twitter.com/grsecurity/status/1029324426142199808
x_refsource_MISC
https://usn.ubuntu.com/3776-2/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.