Early Access — Mondoo Vulnerability Intelligence is currently in preview.
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Versions from v4.16 and newer are vulnerable.
4.13.0-16.193.11.0-12.194.2.0-16.194.4.0-1002.24.4.0-1001.104.15.0-1001.14.15.0-1030.31~16.04.14.15.0-1023.24~14.04.14.11.0-1009.94.15.0-1002.24.15.0-1003.34.15.0-1004.44.15.0-1008.84.15.0-1009.94.15.0-1012.124.15.0-1013.134.15.0-1014.144.15.0-1018.184.15.0-1019.19+12 more4.18.0-1013.13~18.04.14.4.0-9019.204.15.0-1001.14.10.0-1004.44.18.0-1004.5~18.04.14.18.0-1005.6~18.04.14.18.0-1006.7~18.04.14.18.0-1007.8~18.04.14.8.0-36.36~16.04.14.18.0-13.14~18.04.14.18.0-14.15~18.04.14.18.0-15.16~18.04.14.18.0-16.17~18.04.14.15.0-1002.24.4.0-1004.94.4.0-13.29~14.04.14.15.0-1002.34.15.0-1007.9~16.04.14.15.0-1007.94.2.0-1013.194.13.0-1005.54.4.0-1012.12Exploitability
AV:AAC:HPR:NUI:NScope
S:UImpact
C:HI:LA:NCVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N