{"containers": {"cna": {"affected": [{"product": "kernel", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-30T00:00:00", "descriptions": [{"lang": "en", "value": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-10T15:06:24", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625"}, {"name": "USN-3872-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3872-1/"}, {"name": "USN-3878-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3878-1/"}, {"name": "USN-3871-5", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3871-5/"}, {"name": "USN-3878-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3878-2/"}, {"name": "USN-3871-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3871-4/"}, {"tags": ["x_refsource_MISC"], "url": "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039"}, {"name": "USN-3871-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3871-1/"}, {"name": "USN-3871-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3871-3/"}, {"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"}, {"name": "RHSA-2019:2043", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2043"}, {"name": "RHSA-2019:2029", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2029"}, {"name": "RHSA-2019:4154", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4154"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:29:51.690Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625"}, {"name": "USN-3872-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3872-1/"}, {"name": "USN-3878-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3878-1/"}, {"name": "USN-3871-5", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3871-5/"}, {"name": "USN-3878-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3878-2/"}, {"name": "USN-3871-4", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3871-4/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039"}, {"name": "USN-3871-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3871-1/"}, {"name": "USN-3871-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3871-3/"}, {"name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"}, {"name": "RHSA-2019:2043", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2043"}, {"name": "RHSA-2019:2029", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2029"}, {"name": "RHSA-2019:4154", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4154"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-14625", "datePublished": "2018-09-10T13:00:00", "dateReserved": "2018-07-27T00:00:00", "dateUpdated": "2024-08-05T09:29:51.690Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients."}, {"lang": "es", "value": "Se ha detectado un error en el kernel de Linux en el que un atacante podr\u00eda ser capaz de tener una lectura no controlada de la memoria del kernel desde dentro de una m\u00e1quina virtual invitada. Una condici\u00f3n de carrera entre las funciones connect() y close() podr\u00eda permitir que un atacante que emplee el protocolo AF_VSOCK re\u00fana una filtraci\u00f3n de informaci\u00f3n de 4 bytes o, posiblemente, intercepte o corrompa mensajes AF_VSOCK destinados a otros clientes"}], "id": "CVE-2018-14625", "lastModified": "2023-02-13T04:51:40.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-09-10T13:29:00.277", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:2029"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:2043"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2019:4154"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-3/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-4/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3871-5/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3872-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3878-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3878-2/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2019:2043", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1062.rt56.1022.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-07T00:00:00Z"}, {"advisory": "RHSA-2019:2029", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1062.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-08-06T00:00:00Z"}, {"advisory": "RHSA-2019:4154", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.16.1.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-12-10T00:00:00Z"}], "bugzilla": {"description": "kernel: use-after-free Read in vhost_transport_send_pkt", "id": "1619846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619846"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.", "A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory."], "name": "CVE-2018-14625", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2018-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-14625\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14625"], "threat_severity": "Moderate"}