CVE-2018-15594 — MEDIUM (5.5)

Q: What is CVE-2018-15594?

CVE-2018-15594 is a vulnerability with a CVSS score of 5.5 (MEDIUM). arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.

Q: How severe is CVE-2018-15594?

CVE-2018-15594 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-15594?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Canonical Ubuntu Linux, Linux Linux Kernel.

Vulnerability Description

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	12.04
Linux	Linux Kernel	< 4.18.1

Related Weaknesses (CWE)

CWE-200

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5800dcMitigationPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
http://www.securityfocus.com/bid/105120Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041601Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1Release NotesVendor Advisory
https://github.com/torvalds/linux/commit/5800dc5c19f34e6e03b5adab1282535cb102fafMitigationPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.htmlMailing ListThird Party Advisory
https://twitter.com/grsecurity/status/1029324426142199808Third Party Advisory
https://usn.ubuntu.com/3775-1/Third Party Advisory
https://usn.ubuntu.com/3775-2/Third Party Advisory
https://usn.ubuntu.com/3776-1/Third Party Advisory
https://usn.ubuntu.com/3776-2/Third Party Advisory
https://usn.ubuntu.com/3777-1/Third Party Advisory

FAQ

What is CVE-2018-15594?

CVE-2018-15594 is a vulnerability with a CVSS score of 5.5 (MEDIUM). arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.

How severe is CVE-2018-15594?

CVE-2018-15594 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15594?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Canonical Ubuntu Linux, Linux Linux Kernel.