Information disclosure in Linux kernel



Published: 2018-02-20 | Updated: 2018-05-30
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2018-7273, CVE-2018-6412
CWE-ID: CWE-264, CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU11226

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7273

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions and obtain potentially sensitive information on the target system.

The weakness exists in the show_floppy function due to insufficient security restrictions. A local attacker can bypass security restrictions and gain access to potentially sensitive information.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 4.10.0 - 4.15.4

External links

http://lkml.org/lkml/2018/2/20/669


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU13041

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6412

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an integer signedness error in the sbusfb_ioctl_helper function in drivers/video/fbdev/sbuslib.c. A remote attacker can use a vector related to the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands to access arbitrary data.
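
The integer signedness error class named above, as an added example that is not the kernel's code and not taken from this bulletin: a user-space model with hypothetical names (`cmap_req`, `range_ok_signed`, `range_ok_unsigned`, `cmap_get`) that puts a signed index/count bounds check beside an unsigned one. The table size and the sample request are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CMAP_LEN 256 /* constructed colormap size */

/* Hypothetical request with caller-supplied start index and entry count. */
struct cmap_req {
    int index;
    int count;
};

/* Weak form: signed comparison. A negative index keeps the sum small, so a
 * range that starts before the table is accepted. */
static int range_ok_signed(const struct cmap_req *r)
{
    return r->index + r->count <= CMAP_LEN;
}

/* Hardened form: compare as unsigned and never add before checking, so
 * negative inputs become huge values and are rejected. */
static int range_ok_unsigned(const struct cmap_req *r)
{
    unsigned int index = (unsigned int)r->index;
    unsigned int count = (unsigned int)r->count;

    return index <= CMAP_LEN && count <= CMAP_LEN - index;
}

/* Copy count entries starting at index into out (at least CMAP_LEN bytes).
 * Returns the number of entries copied, or -1 if the range is rejected. */
static int cmap_get(const uint8_t *table, const struct cmap_req *r, uint8_t *out)
{
    if (!range_ok_unsigned(r))
        return -1;
    memcpy(out, table + r->index, (size_t)r->count);
    return r->count;
}

int main(void)
{
    struct cmap_req bad = { -16, 8 }; /* constructed out-of-range request */
    uint8_t table[CMAP_LEN] = { 0 }, out[CMAP_LEN];

    printf("signed check accepts:   %d\n", range_ok_signed(&bad));
    printf("unsigned check accepts: %d\n", range_ok_unsigned(&bad));
    printf("cmap_get returns:       %d\n", cmap_get(table, &bad, out));
    return 0;
}
```

The same request passes the signed check and fails the unsigned one, which is why reviewing the declared type of user-controlled index and length fields is part of auditing ioctl handlers.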

Mitigation

The vulnerability is addressed in the following versions: 4.4.134, 4.9.104, 4.14.45.

Vulnerable software versions

Linux kernel: 2.4.9 - 4.14.44

External links

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.134
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.104
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.45


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


