APPLIED[B/C]: [PATCH 1/1][SRU][B/C/D] CVE-2018-14625 - AF_VSOCK info leak
Kleber Souza
kleber.souza at canonical.com
Thu Jan 10 12:05:14 UTC 2019
On 12/18/18 2:07 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14625.html
>
> A flaw was found in the Linux Kernel where an attacker may be able to have
> an uncontrolled read to kernel-memory from within a vm guest. A race
> condition between connect() and close() functions may allow an attacker
> using the AF_VSOCK protocol to gather a 4 byte information leak or possibly
> intercept or corrupt AF_VSOCK messages destined to other clients.
>
> This is a clean cherry pick to Bionic, Cosmic, and Disco/4.19. The
> unstable/4.20 tree already has the fix applied.
>
> Tyler
>
Applied to bionic/master-next and cosmic/master-next branches.
Thanks,
Kleber