CVE-2018-1108

MEDIUM

Description

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.

References

http://www.securityfocus.com/bid/104055

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108

https://usn.ubuntu.com/3718-1/

https://usn.ubuntu.com/3718-2/

https://usn.ubuntu.com/3752-1/

https://usn.ubuntu.com/3752-2/

https://usn.ubuntu.com/3752-3/

https://www.debian.org/security/2018/dsa-4188

Details

Source: MITRE

Published: 2018-05-21

Updated: 2018-08-29

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM