CVE-2018-18653
HIGH
Ubuntu Linux - Improper Verification of Cryptographic Signature
Title source: llm
Description
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.
References (3)
Core References
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://launchpad.net/bugs/1798863
Patch, Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3835-1/
Patch, Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3832-1/
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
9.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-347
Status
published
Products (1)
canonical/ubuntu_linux
18.10
Published
Oct 26, 2018
Tracked Since
Feb 18, 2026