Race Condition Vulnerability in Linux Kernel's AF_VSOCK Protocol

Race Condition Vulnerability in Linux Kernel's AF_VSOCK Protocol

CVE-2018-14625 · MEDIUM Severity

AV:L/AC:M/AU:N/C:P/I:P/A:P

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.