Risk | Low |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2018-14625, CVE-2018-16882, CVE-2018-19407, CVE-2018-19854 |
CWE-ID | CWE-362, CWE-416, CWE-476, CWE-401 |
Exploitation vector | Local network |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
Vulnerable software | linux-hwe (Ubuntu package), linux (Ubuntu package): Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU16514
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-14625
Exploit availability: No
Description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The weakness exists due to a race condition between the connect() and close() functions. A local attacker can use the AF_VSOCK protocol to obtain sensitive information or possibly intercept or corrupt AF_VSOCK messages destined to other clients.
Mitigation
Update the affected packages.
linux-hwe (Ubuntu package): 4.18.0-12.13~18.04.2 - 4.18.0-14.15~18.04.1
linux (Ubuntu package): 4.18.0-0.0 - 4.18.0-14.15
https://usn.ubuntu.com/3878-3/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU16617
Risk: Low
CVSSv4.0: 5.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-16882
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause a DoS condition or gain elevated privileges on the target system.
The vulnerability exists because nested_get_vmcs12_pages(), on an error while processing the posted interrupt address, unmaps 'pi_desc_page' without resetting the 'pi_desc' descriptor address, which is later used in pi_test_and_clear_on(). An adjacent attacker can use a malicious container to trigger a use-after-free error and crash the host kernel, resulting in DoS, or potentially gain privileged access to the system.
Mitigation
Update the affected packages.
linux-hwe (Ubuntu package): 4.18.0-12.13~18.04.2 - 4.18.0-14.15~18.04.1
linux (Ubuntu package): 4.18.0-0.0 - 4.18.0-14.15
https://usn.ubuntu.com/3878-3/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU16022
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19407
CWE-ID: CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the vcpu_scan_ioapic function, defined in the arch/x86/kvm/x86.c source file, due to the failure of the I/O Advanced Programmable Interrupt Controller (I/O APIC) to initialize. A local attacker can access the system and execute an application that submits malicious system calls to trigger a NULL pointer dereference, which could result in a DoS condition.
Mitigation
Update the affected packages.
linux-hwe (Ubuntu package): 4.18.0-12.13~18.04.2 - 4.18.0-14.15~18.04.1
linux (Ubuntu package): 4.18.0-0.0 - 4.18.0-14.15
https://usn.ubuntu.com/3878-3/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU17257
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19854
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local attacker to perform a DoS attack on the target system.
The vulnerability exists because crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace. A local attacker can trigger a memory leak and perform a denial of service attack.
Mitigation
Update the affected packages.
linux-hwe (Ubuntu package): 4.18.0-12.13~18.04.2 - 4.18.0-14.15~18.04.1
linux (Ubuntu package): 4.18.0-0.0 - 4.18.0-14.15
https://usn.ubuntu.com/3878-3/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.