Information disclosure in Linux kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-14656 CVE-2018-18710 CVE-2018-20511 |
| CWE-ID | CWE-20 CWE-200 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU15291
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14656
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation when a missing address check occurs in the callers of the show_opcodes() function. A local user can use a specially crafted application to trigger kernel memory to be dumped into the dmesg log.
MitigationInstall updates from vendor's website.
Vulnerable software versionsLinux kernel: 4.18 - 4.18.12
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU15670
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-18710
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists in the cdrom_ioctl_select_disc function, as defined in the drivers/cdrom/cdrom.c source code file due to boundary error when processing of user-supplied input. A local attacker can access the system, execute an application that submits malicious input to read arbitrary kernel memory on the system, which could be used to conduct additional attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.15.0 - 4.19
External linkshttp://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU16746
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-20511
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to an error in ipddp_ioctl function in drivers/net/appletalk/ipddp.c. A remote attacker can leverage CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.
MitigationUpdate tp version 4.18.11.
Vulnerable software versionsLinux kernel: 4.18 - 4.18.10
External linkshttp://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.11
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
