Information exposure in Linux kernel - CVE-2018-6559
Published: October 26, 2018 / Updated: October 10, 2019
Vulnerability identifier: #VU95694
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6559
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
How to mitigate CVE-2018-6559
Install update from vendor's repository.
Sources
- http://www.securityfocus.com/bid/105752
- https://launchpad.net/bugs/1793458
- https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html
- https://usn.ubuntu.com/3832-1/
- https://usn.ubuntu.com/3833-1/
- https://usn.ubuntu.com/3835-1/
- https://usn.ubuntu.com/3836-1/
- https://usn.ubuntu.com/3836-2/