PT-2018-2683 · Linux+5 · Linux Kernel+5

Scott Bauer

·

Publicado

2018-04-26

·

Atualizado

2019-09-10

·

CVE-2018-16658

CVSS v3.1

6.1

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.18.6
Description The issue is related to an information leak in the cdrom ioctl drive status() function in the Linux kernel, which could allow local attackers to read kernel memory. This is due to a cast from unsigned long to int that interferes with bounds checking, leading to potential data exposure. The vulnerability is associated with errors in data processing.
Recommendations For Linux kernel versions prior to 4.18.6, update to version 4.18.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the cdrom ioctl drive status() function to minimize the risk of exploitation.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2018-2281
ALT-PU-2018-2333
ALT-PU-2018-2679
ALT-PU-2018-2726
ALT-PU-2018-2729
ALT-PU-2018-2814
ALT-PU-2019-1433
BDU:2019-01343
CESA-2019_2029
CVE-2018-16658
DLA-1529-1
DLA-1531-1
DSA-4308-1
OPENSUSE-SU-2018_2738-1
OPENSUSE-SU-2018_3071-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:4154
RHSA-2019_2029
RHSA-2019_2043
SUSE-SU-2018:2775-1
SUSE-SU-2018:2776-1
SUSE-SU-2018:2858-1
SUSE-SU-2018:2862-1
SUSE-SU-2018:2879-1
SUSE-SU-2018:2907-1
SUSE-SU-2018:2908-1
SUSE-SU-2018:2908-2
SUSE-SU-2018:2980-1
SUSE-SU-2018:2981-1
SUSE-SU-2018:3083-1
SUSE-SU-2018:3084-1
SUSE-SU-2018:3088-1
SUSE-SU-2018:3961-1
USN-3797-1
USN-3797-2
USN-3820-1
USN-3820-2
USN-3820-3
USN-3822-1
USN-3822-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu