UbuntuLSN-0065-1Kernel Live Patch Security Notice
6.2 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:H/Au:N/C:C/I:N/A:C
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
6.2 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
62.2%
Details
Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual
Machine) emulated the IOAPIC. A privileged guest user could exploit
this flaw to read host memory or cause a denial of service (crash
the host). (CVE-2013-1798)
It was discovered that the KVM implementation in the Linux kernel,
when paravirtual TLB flushes are enabled in guests, the hypervisor in
some situations could miss deferred TLB flushes or otherwise mishandle
them. An attacker in a guest VM could use this to expose sensitive
information (read memory from another guest VM). (CVE-2019-3016)
Al Viro discovered that the vfs layer in the Linux kernel contained
a use- after-free vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information (kernel memory). (CVE-2020-8428)
Related
6.2 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:H/Au:N/C:C/I:N/A:C
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
6.2 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
62.2%