CVE-2018-1000204Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective LifetimeCWE-401Missing Release of Memory after Effective LifetimeCWE-200Sensitive Information Exposure33 documents9 sources
Severity
5.5MEDIUMNVD
NVD5.3OSV7.8OSV5.3OSV4.3
EPSS
0.1%
top 68.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedJun 26
Latest updateDec 16

Description

Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chm

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages7 packages

Linuxlinux/linux_kernel4.17.05.10.247+5
NVDlinux/linux_kernel4.104.14.281+7
Debianlinux/linux_kernel< 5.10.113-1+11
Ubuntulinux/linux_kernel< 3.13.0-157.207+2
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2fd97de9c7b973f46a6103f4170c5efc7b8ef8797+23

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

15
OSV
CVE-2025-68288: In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was ident2025-12-16
GHSA
GHSA-87cr-f8hp-2h8x: In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was ide2025-12-16
OSV
usb: storage: Fix memory leak in USB bulk transport2025-12-16
Kernel
usb: storage: Fix memory leak in USB bulk transport2025-10-31
OSV
CVE-2022-48853: In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discove2024-07-16

📋Vendor Advisories

12
Red Hat
kernel: usb: storage: Fix memory leak in USB bulk transport2025-12-16
Debian
CVE-2025-68288: linux - In the Linux kernel, the following vulnerability has been resolved: usb: storag...2025
Red Hat
kernel: swiotlb: fix info leak with DMA_FROM_DEVICE2024-07-16
Debian
CVE-2022-48853: linux - In the Linux kernel, the following vulnerability has been resolved: swiotlb: fi...2022
Ubuntu
Linux kernel (Azure, GCP, OEM) vulnerabilities2018-08-28

🕵️Threat Intelligence

1
Wiz
CVE-2025-68288 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

2
Bugzilla
CVE-2018-1000204 kernel: Infoleak caused by incorrect handling of the SG_IO ioctl [fedora-all]2018-06-11
Bugzilla
CVE-2018-1000204 kernel: Infoleak caused by incorrect handling of the SG_IO ioctl2018-06-08