CVE-2018-18653 Information

Description

The Linux kernel as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c in conjunction with certain configuration options leads to mishandling of the result of signature verification.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://launchpad.net/bugs/1798863 https://usn.ubuntu.com/3832-1/ https://usn.ubuntu.com/3835-1/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8