Main Vulnerability Database Vulnerabilities #VU10362

#VU10362 Privilege escalation in Linux kernel - CVE-2018-5750

Published: February 5, 2018

Vulnerability identifier: #VU10362

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5750

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the acpi_smbus_hc_add() function in 'drivers/acpi/sbshc.c'. A local attacker can submit a specially crafted SBS HC printk system call to obtain potentially sensitive address information and potentially bypass kernel address space layout randomization (KASLR) security protection.

Remediation

Update to the latest versions.

External links

https://patchwork.kernel.org/patch/10174835/

#VU10362 Privilege escalation in Linux kernel - CVE-2018-5750

Description

Remediation

External links

Please verify you're human