Oval Definition:oval:com.ubuntu.cosmic:def:201815594000
Revision Date:2018-08-20Version:1
Title:CVE-2018-15594 on Ubuntu 18.10 (cosmic) - high.
Description:arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-15594
Platform(s):Ubuntu 18.10
Product(s):
Definition Synopsis
  • Ubuntu 18.10 (cosmic) is installed.
  • AND Package Information
  • NOT While related to the CVE in some way, the 'linux' package in cosmic is not affected (note: '4.17.0-9.10').
  • OR NOT While related to the CVE in some way, the 'linux-aws' package in cosmic is not affected (note: '4.18.0-1002.3').
  • OR NOT While related to the CVE in some way, the 'linux-azure' package in cosmic is not affected (note: '4.18.0-1003.3').
  • OR NOT While related to the CVE in some way, the 'linux-gcp' package in cosmic is not affected (note: '4.18.0-1002.3').
  • OR NOT While related to the CVE in some way, the 'linux-kvm' package in cosmic is not affected (note: '4.18.0-1002.2').
  • OR NOT While related to the CVE in some way, the 'linux-oem' package in cosmic is not affected (note: '4.15.0-1021.24').
  • OR NOT While related to the CVE in some way, the 'linux-raspi2' package in cosmic is not affected (note: '4.18.0-1004.6').
    • BACK