CVE-2018-14625Use After Free in Linux

CWE-416Use After FreeCWE-362Race Condition24 documents8 sources
Severity
7.0HIGHNVD
OSV5.5
EPSS
0.1%
top 80.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxCanonical Ubuntu Linux+1 more
Timeline
PublishedSep 10
Latest updateMay 14

Description

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

Debianlinux/linux_kernel< 4.19.9-1+3
Ubuntulinux/linux_kernel< 4.15.0-44.47+1
debiandebian/linux< linux 4.19.9-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

10
GHSA
GHSA-jrcc-3vp8-hghg: A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest2022-05-14
OSV
linux, linux-hwe regression2019-02-08
OSV
linux-azure vulnerabilities2019-02-07
OSV
linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities2019-02-04
OSV
linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities2019-02-04

📋Vendor Advisories

11
Ubuntu
Linux kernel regression2019-02-08
Ubuntu
Linux kernel (Azure) vulnerabilities2019-02-07
Ubuntu
Linux kernel (Azure) vulnerabilities2019-02-07
Ubuntu
Linux kernel (AWS, GCP, KVM, OEM, Raspberry Pi 2) vulnerabilities2019-02-04
Ubuntu
Linux kernel vulnerabilities2019-02-04

💬Community

2
Bugzilla
CVE-2018-14625 kernel: use-after-free Read in vhost_transport_send_pkt2018-08-21
Bugzilla
CVE-2018-14625 kernel: use-after-free Read in vhost_transport_send_pkt [fedora-all]2018-08-21