VDB

CVE-2018-14678

CVE-2018-14678 PUBLISHED

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

EPSS 0.08% · 23.8th percentile

Risk Scores

EPSS Score
0.08%
23.8th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSlinux-gcp0, *, 4.10.0-1008.8
Ubuntu:18.04:LTSlinux-kvm4.15.0-1002.2, 4.15.0-1003.3, 4.15.0-1004.4
Ubuntu:16.04:LTSlinux-aws-hwe4.15.0-1032.34~16.04.1, 4.15.0-1031.33~16.04.1, 4.15.0-1030.31~16.04.1
Ubuntu:18.04:LTSlinux-raspi24.13.0-1008.8, 4.13.0-1005.5, 4.15.0-1006.7
Ubuntu:16.04:LTSlinux-azure4.15.0-1018.18~16.04.1, 4.15.0-1013.13~16.04.2, 4.13.0-1018.21
Ubuntu:16.04:LTSlinux-oracle0, 4.15.0-1007.9~16.04.1, 4.15.0-1008.10~16.04.1
Ubuntu:18.04:LTSlinux-azure4.15.0-1018.18, 0, 4.15.0-1002.2
Ubuntu:18.04:LTSlinux-oracle4.15.0-1007.9, 4.15.0-1009.11, 4.15.0-1008.10
Ubuntu:16.04:LTSlinux-hwe4.15.0-46.49~16.04.1, *, *
Ubuntu:14.04:LTSlinux-azure*, *, *
Ubuntu:18.04:LTSlinux-aws4.15.0-1019.19, 4.15.0-1017.17, 4.15.0-1016.16
Ubuntu:18.04:LTSlinux-gcp4.15.0-1017.18, 4.15.0-1001.1, 4.15.0-1005.5
Ubuntu:18.04:LTSlinux4.13.0-25.29, 4.15.0-43.46, 4.15.0-42.45
Ubuntu:18.04:LTSlinux-oem4.15.0-1002.3, 4.15.0-1004.5, 4.15.0-1006.9

Timeline

  • Jul 28, 2018 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 25, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 27, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 2, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 5, 2022 EPSS Score
  • Jan 7, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›