Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-5953 CVE-2018-5995 |
CWE-ID | CWE-200 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU14449
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-5953
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in the swiotlb_print_info() function, as defined in the lib/swiotlb.c source code file due to the printk function prints kernel-object address information. A local attacker can access the system and use a software IO TLB call to read the kernel log.
MitigationUpdate to version 4.14.15.
Vulnerable software versionsLinux kernel: 4.10.0 - 4.14.14
CPE2.3 External linkshttp://github.com/johnsonwangqize/cve-linux/blob/master/%20CVE-2018-5953.md
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU14450
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-5995
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in the pcpu_embed_first_chunk() function, as defined in the mm/percpu.c source code file due to the printk function prints kernel-object address information. A local attacker can access the system and use a a pages/cpu call to read the kernel log.
MitigationUpdate to version 4.14.15.
Vulnerable software versionsLinux kernel: 4.10.0 - 4.14.14
CPE2.3 External linkshttp://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?