Local Privilege Escalation in Linux Kernel on Ubuntu 18.10 with UEFI Secure Boot
CVE-2018-18653

7.8HIGH

Key Information:

Vendor

Canonical

Status
Ubuntu Linux
Vendor
CVE Published:
26 October 2018

What is CVE-2018-18653?

A vulnerability in the Linux kernel used in Ubuntu 18.10 allows privileged local users to bypass Secure Boot restrictions, enabling them to execute untrusted code. This issue arises from a flaw in the handling of signature verification results in modified kernel/module.c when specific configuration options are set. As a result, unauthorized kernel modules can be loaded, potentially compromising system integrity and security.

References

https://launchpad.net/bugs/1798863
x_refsource_MISC
https://usn.ubuntu.com/3835-1/
vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3832-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.