CVE-2018-15594
kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
arch/x86/kernel/paravirt.c en el kernel de Linux en versiones anteriores a la 4.18.1 maneja incorrectamente algunas llamadas indirectas, lo que hace que sea más fácil para los atacantes realizar ataques Spectre-v2 contra guests paravirtuales.
It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-20 CVE Reserved
- 2018-08-20 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105120 | Third Party Advisory | |
| http://www.securitytracker.com/id/1041601 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html | Mailing List |
|
| https://twitter.com/grsecurity/status/1029324426142199808 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html | 2019-10-03 | |
| https://access.redhat.com/errata/RHSA-2019:2029 | 2019-10-03 | |
| https://access.redhat.com/errata/RHSA-2019:2043 | 2019-10-03 | |
| https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.1 | 2019-10-03 | |
| https://usn.ubuntu.com/3775-1 | 2019-10-03 | |
| https://usn.ubuntu.com/3775-2 | 2019-10-03 | |
| https://usn.ubuntu.com/3776-1 | 2019-10-03 | |
| https://usn.ubuntu.com/3776-2 | 2019-10-03 | |
| https://usn.ubuntu.com/3777-1 | 2019-10-03 | |
| https://usn.ubuntu.com/3777-2 | 2019-10-03 | |
| https://usn.ubuntu.com/3777-3 | 2019-10-03 | |
| https://www.debian.org/security/2018/dsa-4308 | 2019-10-03 | |
| https://access.redhat.com/security/cve/CVE-2018-15594 | 2019-08-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1620555 | 2019-08-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.18.1 Search vendor "Linux" for product "Linux Kernel" and version " < 4.18.1" | - |
Affected
| ||||||