CVE-2018-1108
First published: Mon May 21 2018(Updated: )
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=4.16 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Debian Debian Linux | =9.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/104055
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1108
- https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
- https://usn.ubuntu.com/3718-1/
- https://usn.ubuntu.com/3718-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://www.debian.org/security/2018/dsa-4188
- https://launchpad.net/bugs/cve/CVE-2018-1108
- https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
- https://security-tracker.debian.org/tracker/CVE-2018-1108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1108
- https://nvd.nist.gov/vuln/detail/CVE-2018-1108
- https://ubuntu.com/security/CVE-2018-1108
Frequently Asked Questions
What is the vulnerability ID of this weakness?
The vulnerability ID of this weakness is CVE-2018-1108.
What is the description of this vulnerability?
This vulnerability occurs in kernel drivers before version 4.17-rc1 and is related to the Linux kernel's implementation of random seed data.
Which software versions are affected by this vulnerability?
The vulnerability affects various versions of the Linux kernel, including Ubuntu packages linux, linux-goldfish, linux-grouper, linux-flo, linux-aws, linux-gke, linux-azure, linux-gcp, linux-euclid, linux-azure-edge, linux-hwe, linux-lts-trusty, linux-lts-utopic, linux-lts-vivid, linux-hwe-edge, linux-kvm, linux-lts-wily, linux-lts-xenial, linux-maguro, linux-mako, linux-manta, linux-oem, linux-raspi2, and linux-snapdragon.
How can I fix this vulnerability?
To fix this vulnerability, update your Linux kernel to version 4.17 or higher.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the references section of the advisory.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.16
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- package-manager/debian