|Number of vulnerabilities||1|
Operating systems & Components / Operating system
This security bulletin contains one low risk vulnerability.
CWE-200 - Information exposure
Exploit availability: NoDescription
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to the aoedisk_debugfs_show function, as defined in the drivers/block/aoe/aoeblk.c source code file allows access to ffree:lines in a debugfs file. A local attacker can access the debugfs file to access sensitive address information, which could be used to conduct further attacks.Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.Vulnerable software versions
Linux kernel: 4.10.0 - 4.16.4CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?