CVSS2 (AV:L/AC:L/Au:N/C:C/I:C/A:C): Attack Vector LOCAL; Attack Complexity LOW; Authentication NONE; Confidentiality Impact COMPLETE; Integrity Impact COMPLETE; Availability Impact COMPLETE

CVSS3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): Attack Vector LOCAL; Attack Complexity LOW; Privileges Required LOW; User Interaction NONE; Scope UNCHANGED; Confidentiality Impact HIGH; Integrity Impact HIGH; Availability Impact HIGH

AI Score: Confidence High

EPSS: Percentile 75.4%

It was discovered that the generic SCSI driver in the Linux kernel did not
properly enforce permissions on kernel memory access. A local attacker
could use this to expose sensitive information or possibly elevate
privileges. (CVE-2017-13168)

Wen Xu discovered that a use-after-free vulnerability existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use this
to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10876, CVE-2018-10879)

Wen Xu discovered that a buffer overflow existed in the ext4 filesystem
implementation in the Linux kernel. An attacker could use this to construct
a malicious ext4 image that, when mounted, could cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2018-10877)

Wen Xu discovered that an out-of-bounds write vulnerability existed in the
ext4 filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10878, CVE-2018-10882)

Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly keep meta-data information consistent in some
situations. An attacker could use this to construct a malicious ext4 image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-10881)

Shankara Pailoor discovered that the JFS filesystem implementation in the
Linux kernel contained a buffer overflow when handling extended attributes.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2018-12233)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly handle an error condition with a corrupted xfs
image. An attacker could use this to construct a malicious xfs image that,
when mounted, could cause a denial of service (system crash).
(CVE-2018-13094)

It was discovered that the Linux kernel did not properly handle setgid file
creation when performed by a non-member of the group. A local attacker
could use this to gain elevated privileges. (CVE-2018-13405)

Silvio Cesare discovered that the generic VESA frame buffer driver in the
Linux kernel contained an integer overflow. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-13406)

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | linux-image-4.4.0-1032-kvm | < 4.4.0-1032.38 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-cloud-tools-4.4.0-1032-kvm | < 4.4.0-1032.38 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-headers-4.4.0-1032-kvm | < 4.4.0-1032.38 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-image-4.4.0-1032-kvm-dbgsym | < 4.4.0-1032.38 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-cloud-tools-4.4.0-1032 | < 4.4.0-1032.38 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-cloud-tools-4.4.0-1032-dbgsym | < 4.4.0-1032.38 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-headers-4.4.0-1032 | < 4.4.0-1032.38 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-tools-4.4.0-1032 | < 4.4.0-1032.38 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-kvm-tools-4.4.0-1032-dbgsym | < 4.4.0-1032.38 | UNKNOWN |
Ubuntu | 16.04 | noarch | linux-tools-4.4.0-1032-kvm | < 4.4.0-1032.38 | UNKNOWN |
ubuntu.com/security/CVE-2017-13168
ubuntu.com/security/CVE-2018-10876
ubuntu.com/security/CVE-2018-10877
ubuntu.com/security/CVE-2018-10878
ubuntu.com/security/CVE-2018-10879
ubuntu.com/security/CVE-2018-10881
ubuntu.com/security/CVE-2018-10882
ubuntu.com/security/CVE-2018-12233
ubuntu.com/security/CVE-2018-13094
ubuntu.com/security/CVE-2018-13405
ubuntu.com/security/CVE-2018-13406