Home > Vulnerability Database > CVE-2018-18653

Mend.io Vulnerability Database

CVE-2018-18653

Date: October 25, 2018

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.

Severity Score

7.8

Related Resources (6)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18653

Url: https://usn.ubuntu.com/3835-1/

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-18653

Url: https://launchpad.net/bugs/1798863

Url: https://usn.ubuntu.com/3832-1/

Url: https://www.mend.io/vulnerability-database/CVE-2018-18653

Severity Score

7.8

Weakness Type (CWE)

Improper Verification of Cryptographic Signature

CWE-347

CVSS v3

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-18653

Date: October 25, 2018

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?