CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
79.8%
USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression
where insufficient early entropy prevented services from starting,
leading in some situations to a failure to boot, This update addresses
the issue.
We apologize for the inconvenience.
Original advisory details:
Jann Horn discovered that the Linux kernel’s implementation of random
seed data reported that it was in a ready state before it had gathered
sufficient entropy. An attacker could use this to expose sensitive
information. (CVE-2018-1108)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)
It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly validate xattr sizes. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-1095)
Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)
It was discovered that an information leak vulnerability existed in the
floppy driver in the Linux kernel. A local attacker could use this to
expose sensitive information (kernel memory). (CVE-2018-7755)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1014-gcp | < 4.15.0-1014.14 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-gcp-headers-4.15.0-1014 | < 4.15.0-1014.14 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-gcp-tools-4.15.0-1014 | < 4.15.0-1014.14 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-gcp-tools-4.15.0-1014-dbgsym | < 4.15.0-1014.14 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-headers-4.15.0-1014-gcp | < 4.15.0-1014.14 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1014-gcp-dbgsym | < 4.15.0-1014.14 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-modules-4.15.0-1014-gcp | < 4.15.0-1014.14 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-modules-extra-4.15.0-1014-gcp | < 4.15.0-1014.14 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-tools-4.15.0-1014-gcp | < 4.15.0-1014.14 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1016-aws | < 4.15.0-1016.16 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
79.8%