vulnerability
Oracle Linux: CVE-2018-14625: ELSA-2019-2029: kernel security, bug fix, and enhancement update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:H/Au:S/C:N/I:P/A:C) | 2018-07-30 | 2019-08-15 | 2024-11-29 |
Severity
4
CVSS
(AV:L/AC:H/Au:S/C:N/I:P/A:C)
Published
2018-07-30
Added
2019-08-15
Modified
2024-11-29
Description
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.
A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory.
A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory.
Solution
oracle-linux-upgrade-kernel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.