Local Privilege Escalation in Linux Kernel on Ubuntu 18.10 with UEFI Secure Boot
CVE-2018-18653
7.8HIGH
Summary
A vulnerability in the Linux kernel used in Ubuntu 18.10 allows privileged local users to bypass Secure Boot restrictions, enabling them to execute untrusted code. This issue arises from a flaw in the handling of signature verification results in modified kernel/module.c when specific configuration options are set. As a result, unauthorized kernel modules can be loaded, potentially compromising system integrity and security.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved