CVE-2018-19854 PUBLISHED

An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API, reached over NETLINK_CRYPTO) do not fully initialize the report structures that are copied to userspace, so stale kernel memory can be returned to user programs. NOTE: this is a regression of the CVE-2013-2547 fix, but with easier exploitability because the attacker no longer needs a capability; the system must, however, be built with the CONFIG_CRYPTO_USER kconfig option.
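The defect class described above, shown as an added userspace C model (this is not code from the page or from the kernel). The struct is modelled on struct crypto_report_cipher from the kernel's uapi headers (CRYPTO_MAX_NAME is 64 there; the field list here is illustrative, not byte-exact), local_strlcpy() is a local helper standing in for the kernel's strlcpy(), the 0xAA fill is a constructed stand-in for whatever the previous syscall left on the kernel stack, and memcpy() stands in for the nla_put()/copy-to-userspace step. The vulnerable path copies only the name and its terminator and ships the rest of the array untouched; the hardened path zeroes the object and then uses strncpy(), which is what the upstream fix in 4.19.3 went back to (strncpy() zero-fills the remainder of the destination array; the memset additionally covers any padding).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of struct crypto_report_cipher (include/uapi/linux/cryptouser.h):
 * a fixed-size name array followed by a few integers. Layout is
 * illustrative, not byte-exact. */
#define CRYPTO_MAX_NAME 64

struct report_cipher {
    char type[CRYPTO_MAX_NAME];
    unsigned int blocksize;
    unsigned int min_keysize;
    unsigned int max_keysize;
};

/* Constructed byte pattern standing in for stale kernel stack contents
 * (in a real kernel: pointers, key material, whatever ran last). */
#define STALE 0xAA

/* Local stand-in for the kernel's strlcpy(): copies at most size-1 bytes
 * plus a NUL and writes nothing beyond the terminator. */
static size_t local_strlcpy(char *dst, const char *src, size_t size)
{
    size_t n = strlen(src);
    if (size) {
        size_t c = n < size - 1 ? n : size - 1;
        memcpy(dst, src, c);
        dst[c] = '\0';
    }
    return n;
}

/* Vulnerable pattern (pre-4.19.3): the report lives on the stack, is never
 * zeroed, and the name is written with an strlcpy-style copy. Every byte of
 * type[] after the terminator keeps its stale contents and is then copied
 * out wholesale. */
static void fill_report_vulnerable(struct report_cipher *r)
{
    local_strlcpy(r->type, "cipher", sizeof(r->type));
    r->blocksize   = 16;
    r->min_keysize = 16;
    r->max_keysize = 32;
}

/* Hardened pattern: zero the whole object, then strncpy() the name, which
 * also zero-fills the rest of the array. The explicit terminator guards the
 * (here unreachable) case of a name longer than the array. */
static void fill_report_hardened(struct report_cipher *r)
{
    memset(r, 0, sizeof(*r));
    strncpy(r->type, "cipher", sizeof(r->type));
    r->type[sizeof(r->type) - 1] = '\0';
    r->blocksize   = 16;
    r->min_keysize = 16;
    r->max_keysize = 32;
}

/* Run one fill routine on "dirty" memory, copy the result out the way the
 * kernel would, and count how many STALE bytes reached the copy. */
static size_t stale_bytes_copied(void (*fill)(struct report_cipher *))
{
    unsigned char out[sizeof(struct report_cipher)];
    struct report_cipher r;
    size_t i, leaked = 0;

    memset(&r, STALE, sizeof(r));   /* constructed: simulate a dirty stack */
    fill(&r);
    memcpy(out, &r, sizeof(r));     /* stands in for copying to userspace */

    for (i = 0; i < sizeof(out); i++)
        if (out[i] == STALE)
            leaked++;
    return leaked;
}

/* 64-byte name array minus "cipher" plus NUL (7 bytes) = 57 stale bytes. */
size_t leaked_bytes_vulnerable(void) { return stale_bytes_copied(fill_report_vulnerable); }
size_t leaked_bytes_hardened(void)   { return stale_bytes_copied(fill_report_hardened); }

int main(void)
{
    printf("vulnerable: %zu stale bytes copied out\n", leaked_bytes_vulnerable());
    printf("hardened:   %zu stale bytes copied out\n", leaked_bytes_hardened());
    return 0;
}
```

The check a reviewer wants for any struct that crosses the kernel/user boundary is the one stale_bytes_copied() performs: every byte of the object, including array tails and padding, must be written before it is copied out, which is why zeroing the whole object is the robust fix rather than relying on the copy routine's fill behaviour.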

EPSS 0.05% · 16.6th percentile


Affected Products

Vendor             Product          Versions
Ubuntu:18.04:LTS   linux-gcp-edge   4.18.0-1005.6~18.04.1, 0, 4.18.0-1004.5~18.04.1
Ubuntu:16.04:LTS   linux-oracle     4.15.0-1008.10~16.04.1, 4.15.0-1007.9~16.04.1, 0
Ubuntu:18.04:LTS   linux-kvm        4.15.0-1008.8, 4.15.0-1010.10, 4.15.0-1011.11
Ubuntu:18.04:LTS   linux-oracle     4.15.0-1008.10, 4.15.0-1007.9, 0
Ubuntu:16.04:LTS   linux-hwe        4.13.0-43.48~16.04.1, 4.13.0-41.46~16.04.1, 4.13.0-39.44~16.04.1
Ubuntu:18.04:LTS   linux-azure      4.15.0-1009.9, 4.15.0-1013.13, 4.15.0-1014.14
Ubuntu:18.04:LTS   linux            4.15.0-10.11, 4.13.0-17.20, 4.13.0-25.29
Ubuntu:16.04:LTS   linux-aws-hwe    0, 4.15.0-1030.31~16.04.1, 4.15.0-1032.34~16.04.1
Ubuntu:18.04:LTS   linux-gcp        4.15.0-1015.15, 4.15.0-1024.25, 4.15.0-1023.24
Ubuntu:16.04:LTS   linux-gcp        4.15.0-1017.18~16.04.1, 4.15.0-1018.19~16.04.2, 4.15.0-1027.28~16.04.1
Ubuntu:16.04:LTS   linux-azure      4.15.0-1022.22~16.04.1, 0, 4.11.0-1009.9
Ubuntu:18.04:LTS   linux-oem        4.15.0-1006.9, 4.15.0-1004.5, 4.15.0-1002.3
Ubuntu:14.04:LTS   linux-azure      4.15.0-1036.38~14.04.2, 4.15.0-1023.24~14.04.1, 4.15.0-1030.31~14.04.1
Ubuntu:18.04:LTS   linux-raspi2     4.15.0-1031.33, 0, 4.13.0-1005.5
Ubuntu:18.04:LTS   linux-hwe        0, 4.18.0-13.14~18.04.1
Ubuntu:18.04:LTS   linux-aws        4.15.0-1001.1, 4.15.0-1003.3, 4.15.0-1005.5
