CVE-2018-15594 : arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.

Published 2018-08-20 08:29:00

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2018-15594

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions before (<) 4.18.1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-15594

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-15594

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2018-15594

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-15594

https://www.debian.org/security/2018/dsa-4308

Debian -- Security Information -- DSA-4308-1 linux
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3775-1/

USN-3775-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3777-3/

USN-3777-3: Linux kernel (Azure) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html

[security-announce] openSUSE-SU-2019:1407-1: important: Security update

CVEs referencing this url
https://usn.ubuntu.com/3777-2/

USN-3777-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html

[SECURITY] [DLA 1531-1] linux-4.9 security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1041601

Linux Kernel paravirt_patch_call Indirect Call Processing Lets Local Users View Portions of System Memory for Paravirtualized Guests - SecurityTracker
Third Party Advisory;VDB Entry
https://github.com/torvalds/linux/commit/5800dc5c19f34e6e03b5adab1282535cb102fafd

x86/paravirt: Fix spectre-v2 mitigations for paravirt guests · torvalds/linux@5800dc5 · GitHub
Mitigation;Patch;Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1

Release Notes;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/105120

Linux Kernel 'arch/x86/kernel/paravirt.c' Local Security Bypass Vulnerability
Third Party Advisory;VDB Entry
https://usn.ubuntu.com/3776-1/

USN-3776-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/3777-1/

USN-3777-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2019:2029

RHSA-2019:2029 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://usn.ubuntu.com/3776-2/

USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5800dc5c19f34e6e03b5adab1282535cb102fafd

kernel/git/torvalds/linux.git - Linux kernel source tree
Mitigation;Patch;Vendor Advisory
https://twitter.com/grsecurity/status/1029324426142199808

grsecurity on Twitter: "This should get a CVE: https://t.co/xr3icM7K2n"
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2043

RHSA-2019:2043 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://usn.ubuntu.com/3775-2/

USN-3775-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-15594

Products affected by CVE-2018-15594

Exploit prediction scoring system (EPSS) score for CVE-2018-15594

CVSS scores for CVE-2018-15594

CWE ids for CVE-2018-15594

References for CVE-2018-15594