7.8

CVE-2018-18653

Exploit

EPSS 0.03%
Veröffentlicht 26.10.2018 00:29:00
Zuletzt bearbeitet 21.11.2024 03:56:18
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version18.10

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.094

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://usn.ubuntu.com/3832-1/

Patch

Vendor Advisory

https://usn.ubuntu.com/3835-1/

Patch

Vendor Advisory

https://launchpad.net/bugs/1798863

Vendor Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-18653

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-18653

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-18653

EUVD