vulnerability

Oracle Linux: CVE-2018-14678: ELSA-2018-4210: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Jul 25, 2018	Sep 7, 2018	Dec 3, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Jul 25, 2018

Added

Sep 7, 2018

Modified

Dec 3, 2025

Description

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

Solution

oracle-linux-upgrade-kernel-uek

References

CVE-2018-14678
https://attackerkb.com/topics/CVE-2018-14678
ELSA-ELSA-2018-4210
ELSA-ELSA-2018-4242
CWE-665

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today