Vulnerability Details : CVE-2018-1108
Kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
Products affected by CVE-2018-1108
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1108
- 0.67%: Probability of exploitation activity in the next 30 days
- ~ 77%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1108
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N | 1.4 | 4.0 | Red Hat, Inc. | |
5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2018-1108
- The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. Assigned by:
  - nvd@nist.gov (Primary)
  - secalert@redhat.com (Secondary)
References for CVE-2018-1108
- https://usn.ubuntu.com/3718-2/
  USN-3718-2: Linux kernel (HWE) regression | Ubuntu security notices (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
  [SECURITY] [DLA 3065-1] linux security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/3752-2/
  USN-3752-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://usn.ubuntu.com/3718-1/
  USN-3718-1: Linux kernel regression | Ubuntu security notices (Third Party Advisory)
- https://usn.ubuntu.com/3752-1/
  USN-3752-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108
  1567306 – (CVE-2018-1108) CVE-2018-1108 kernel: drivers: getrandom(2) unblocks too early after system boot (Issue Tracking; Third Party Advisory)
- http://www.securityfocus.com/bid/104055
  Linux Kernel CVE-2018-1108 Predictable Random Number Generator Weakness (Third Party Advisory; VDB Entry)
- https://www.debian.org/security/2018/dsa-4188
  Debian -- Security Information -- DSA-4188-1 linux (Third Party Advisory)
- https://usn.ubuntu.com/3752-3/
  USN-3752-3: Linux kernel (Azure, GCP, OEM) vulnerabilities | Ubuntu security notices (Third Party Advisory)