CVE-2018-14678

HIGH Year: 2018
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-665
View all →

Vulnerability Description

An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges.

Related Vulnerabilities

CVE-2007-3749

HIGH
CVSS:7.8(High)

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary co...

CWE-6652007

CVE-2014-9942

HIGH
CVSS:7.8(High)

In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.

CWE-6652014

CVE-2017-0723

HIGH
CVSS:7.8(High)

A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755.

CWE-6652017

CVE-2017-0745

HIGH
CVSS:7.8(High)

A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.

CWE-6652017

CVE-2017-13153

HIGH
CVSS:7.8(High)

An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854.

CWE-6652017

CVE-2017-14102

HIGH
CVSS:7.8(High)

MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account ...

CWE-6652017