CVE-2018-14656 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 26%

Vendor	Product	Version
linux	linux_kernel	𝑥 ≤ 4.18
linux	linux_kernel	4.19:rc1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
stretch	not-affected
jessie	not-affected
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
trixie	6.11.5-1 fixed
sid	6.11.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

cosmic	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-aws

cosmic	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-azure

cosmic	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

linux-azure-edge

cosmic	dne
bionic	not-affected
xenial	not-affected
trusty	dne

linux-euclid

cosmic	dne
bionic	dne
xenial	not-affected
trusty	dne

linux-flo

cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-gcp

cosmic	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-gke

cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-goldfish

cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-grouper

cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe

cosmic	dne
bionic	not-affected
xenial	not-affected
trusty	dne

linux-hwe-edge

cosmic	dne
bionic	not-affected
xenial	not-affected
trusty	dne

linux-kvm

cosmic	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-lts-trusty

cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-utopic

cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-vivid

cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-wily

cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-xenial

cosmic	dne
bionic	dne
xenial	dne
trusty	not-affected

linux-maguro

cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-mako

cosmic	dne
bionic	dne
xenial	ignored
trusty	dne

linux-manta

cosmic	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

cosmic	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-raspi2

cosmic	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

linux-snapdragon

cosmic	dne
bionic	not-affected
xenial	not-affected
trusty	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://www.securitytracker.com/id/1041804

https://bugs.chromium.org/p/project-zero/issues/detail?id=1650

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14656

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=342db04ae71273322f0011384a9ed414df8bdae4

https://lore.kernel.org/lkml/20180828154901.112726-1-jannh%40google.com/T/

https://seclists.org/oss-sec/2018/q4/9

http://www.securitytracker.com/id/1041804

https://bugs.chromium.org/p/project-zero/issues/detail?id=1650

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14656

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=342db04ae71273322f0011384a9ed414df8bdae4

https://lore.kernel.org/lkml/20180828154901.112726-1-jannh%40google.com/T/

https://seclists.org/oss-sec/2018/q4/9