Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3762-1)

medium Nessus Plugin ID 117454

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3762-1 advisory.

- The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. (CVE-2017-13695)

- Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. (CVE-2018-1118)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-3762-1

Plugin Details

Severity: Medium

ID: 117454

File Name: ubuntu_USN-3762-1.nasl

Version: 1.10

Type: local

Agent: unix

Published: 9/12/2018

Updated: 1/9/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-1118

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1019-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1021-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1021-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1022-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1023-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-34-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-34-generic-lpae, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-34-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-34-snapdragon, cpe:/o:canonical:ubuntu_linux:18.04:-:lts

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2018

Vulnerability Publication Date: 8/25/2017

Reference Information

CVE: CVE-2017-13695, CVE-2018-1118

USN: 3762-1