CVE-2018-11508
published 2018-05-28CVE-2018-11508: The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via…
PriorityP430medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
EXPLOIT
EPSS
1.72%
74.6th percentile
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | linux | < linux 4.16.12-1 (bookworm) | linux 4.16.12-1 (bookworm) |
| linux | linux_kernel | < 4.16.9 | 4.16.9 |
| linux | linux_kernel | >= 0 < 4.16.12-1 | 4.16.12-1 |
| linux | linux_kernel | >= 0 < 4.16.12-1 | 4.16.12-1 |
| linux | linux_kernel | >= 0 < 4.16.12-1 | 4.16.12-1 |
| linux | linux_kernel | >= 0 < 4.16.12-1 | 4.16.12-1 |
| linux | linux_kernel | >= 0 < 4.15.0-24.26 | 4.15.0-24.26 |
| linux | linux_kernel | >= 0 < 4.15.0-29.31 | 4.15.0-29.31 |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv5.5MEDIUM
vendor_debian5.5MEDIUM
vendor_redhat5.5MEDIUM
vendor_ubuntu5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j435-p44w-r9xj: The compat_get_timex function in kernel/compat
ghsa_unreviewed·2022-05-14
CVE-2018-11508 [MEDIUM] CWE-200 GHSA-j435-p44w-r9xj: The compat_get_timex function in kernel/compat
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
OSV
linux-hwe, linux-azure, linux-gcp regression
osv·2018-07-21·CVSS 5.5
CVE-2018-1108 [MEDIUM] linux-hwe, linux-azure, linux-gcp regression
linux-hwe, linux-azure, linux-gcp regression
USN-3695-2 fixed vulnerabilities in the Linux Hardware Enablement
Kernel (HWE) kernel for Ubuntu 16.04 LTS. Unfortunately, the fix
for CVE-2018-1108 introduced a regression where insufficient early
entropy prevented services from starting, leading in some situations
to a failure to boot, This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Jann Horn discovered that the Linux kernel's implementation of random
seed data reported that it was in a ready state before it had gathered
sufficient entropy. An attacker could use this to expose sensitive
information. (CVE-2018-1108)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize the crc32c checksum d
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem regression
osv·2018-07-21·CVSS 5.5
CVE-2018-1108 [MEDIUM] linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem regression
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem regression
USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression
where insufficient early entropy prevented services from starting,
leading in some situations to a failure to boot, This update addresses
the issue.
We apologize for the inconvenience.
Original advisory details:
Jann Horn discovered that the Linux kernel's implementation of random
seed data reported that it was in a ready state before it had gathered
sufficient entropy. An attacker could use this to expose sensitive
information. (CVE-2018-1108)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize the crc32c checksum drive
OSV
linux-hwe, linux-azure vulnerabilities
osv·2018-07-02·CVSS 5.5
CVE-2018-1094 [MEDIUM] linux-hwe, linux-azure vulnerabilities
linux-hwe, linux-azure vulnerabilities
USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)
It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly validate xattr sizes. A l
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
osv·2018-07-02·CVSS 5.5
CVE-2018-1094 [MEDIUM] linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)
It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly validate xattr sizes. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-1095)
Jann Horn discovered that the 32 bit adjtimex() syscall implementation
OSV
linux-oem vulnerabilities
osv·2018-07-02·CVSS 5.5
CVE-2018-1130 [MEDIUM] linux-oem vulnerabilities
linux-oem vulnerabilities
It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)
Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)
Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive information (kernel
pointer addresses). (CVE-2018-5750)
It was discovered that
OSV
CVE-2018-11508: The compat_get_timex function in kernel/compat
osv·2018-05-28·CVSS 5.5
CVE-2018-11508 [MEDIUM] CVE-2018-11508: The compat_get_timex function in kernel/compat
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
Ubuntu
Linux kernel regression
vendor_ubuntu·2018-07-21·CVSS 5.5
CVE-2018-1108 [MEDIUM] Linux kernel regression
Title: Linux kernel regression
Summary: A regression that caused boot failures was fixed in the Linux kernel.
USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. Unfortunately, the fix for CVE-2018-1108 introduced a regression
where insufficient early entropy prevented services from starting,
leading in some situations to a failure to boot, This update addresses
the issue.
We apologize for the inconvenience.
Original advisory details:
Jann Horn discovered that the Linux kernel's implementation of random
seed data reported that it was in a ready state before it had gathered
sufficient entropy. An attacker could use this to expose sensitive
information. (CVE-2018-1108)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly
Ubuntu
Linux kernel (HWE) regression
vendor_ubuntu·2018-07-21·CVSS 5.5
CVE-2018-1108 [MEDIUM] Linux kernel (HWE) regression
Title: Linux kernel (HWE) regression
Summary: A regression that caused boot failures was fixed in the Linux kernel.
USN-3695-2 fixed vulnerabilities in the Linux Hardware Enablement
Kernel (HWE) kernel for Ubuntu 16.04 LTS. Unfortunately, the fix
for CVE-2018-1108 introduced a regression where insufficient early
entropy prevented services from starting, leading in some situations
to a failure to boot, This update addresses the issue.
We apologize for the inconvenience.
Original advisory details:
Jann Horn discovered that the Linux kernel's implementation of random
seed data reported that it was in a ready state before it had gathered
sufficient entropy. An attacker could use this to expose sensitive
information. (CVE-2018-1108)
Wen Xu discovered that the ext4 file system implementati
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-07-02·CVSS 5.5
CVE-2018-1130 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)
Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)
Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitive info
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2018-07-02·CVSS 5.5
CVE-2018-1094 [MEDIUM] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3695-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)
It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)
Wen Xu discovered that the ext4 file system implemen
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-07-02·CVSS 5.5
CVE-2018-1094 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly initialize the crc32c checksum driver. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2018-1094)
It was discovered that the cdrom driver in the Linux kernel contained an
incorrect bounds check. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-10940)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel did not properly validate xattr sizes. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-1095)
Jann Horn discovered that the 32 bit adjtimex() syscall imple
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2018-07-02·CVSS 5.5
CVE-2018-1130 [MEDIUM] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a null pointer dereference vulnerability existed in
the DCCP protocol implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash). (CVE-2018-1130)
Jann Horn discovered that the 32 bit adjtimex() syscall implementation for
64 bit Linux kernels did not properly initialize memory returned to user
space in some situations. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2018-11508)
Wang Qize discovered that an information disclosure vulnerability existed
in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A
local attacker could use this to expose sensitiv
Red Hat
kernel: Missing initialization in kernel/compat.c:compat_get_timex() allows local attacker to obtain possibly sensitive information via adjtimex
vendor_redhat·2018-05-11·CVSS 5.5
CVE-2018-11508 [MEDIUM] CWE-456 kernel: Missing initialization in kernel/compat.c:compat_get_timex() allows local attacker to obtain possibly sensitive information via adjtimex
kernel: Missing initialization in kernel/compat.c:compat_get_timex() allows local attacker to obtain possibly sensitive information via adjtimex
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
A flaw was found in the compat_get_timex function in kernel/compat.c in the Linux kernel. A local user could use this flaw to obtain possibly sensitive information from kernel memory via adjtimex system call.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-alt (Red Hat Enterprise Linux 7) - Fix deferred
Package: kernel-rt (Red Hat
Debian
CVE-2018-11508: linux - The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16...
vendor_debian·2018·CVSS 5.5
CVE-2018-11508 [MEDIUM] CVE-2018-11508: linux - The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16...
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
Scope: local
bookworm: resolved (fixed in 4.16.12-1)
bullseye: resolved (fixed in 4.16.12-1)
forky: resolved (fixed in 4.16.12-1)
sid: resolved (fixed in 4.16.12-1)
trixie: resolved (fixed in 4.16.12-1)
No detection rules found.
Bugzilla
CVE-2018-11508 kernel: Missing initialization in kernel/compat.c:compat_get_timex() allows local attacker to obtain possibly sensitive information via adjtimex [fedora-all]
bugzilla·2018-05-28·CVSS 5.5
CVE-2018-11508 [MEDIUM] CVE-2018-11508 kernel: Missing initialization in kernel/compat.c:compat_get_timex() allows local attacker to obtain possibly sensitive information via adjtimex [fedora-all]
CVE-2018-11508 kernel: Missing initialization in kernel/compat.c:compat_get_timex() allows local attacker to obtain possibly sensitive information via adjtimex [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM
Bugzilla
CVE-2018-11508 kernel: Missing initialization in kernel/compat.c:compat_get_timex() allows local attacker to obtain possibly sensitive information via adjtimex
bugzilla·2018-05-28·CVSS 5.5
CVE-2018-11508 [MEDIUM] CVE-2018-11508 kernel: Missing initialization in kernel/compat.c:compat_get_timex() allows local attacker to obtain possibly sensitive information via adjtimex
CVE-2018-11508 kernel: Missing initialization in kernel/compat.c:compat_get_timex() allows local attacker to obtain possibly sensitive information via adjtimex
The compat_get_timex function in kernel/compat.c in the Linux kernel allows local users to obtain possibly sensitive information from a kernel memory via adjtimex system call.
Reference (includes PoC):
https://bugs.chromium.org/p/project-zero/issues/detail?id=1574
Introduced by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3a4d44b6162555070194e486ff6b3799a8d323a2
An upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1583315]
-
arXiv
Breaking Precision Time: OS Vulnerability Exploits Against IEEE 1588
arxiv_fulltext·2025-10-07
Breaking Precision Time: OS Vulnerability Exploits Against IEEE 1588
Breaking Precision Time: OS Vulnerability Exploits Against IEEE 1588
Muhammad Abdullah Soomro
University of Massachusetts Amherst
[email protected]
Fatima Muhammad Anwar
University of Massachusetts Amherst
[email protected]
## Abstract
The Precision Time Protocol (PTP), standardized as IEEE 1588, provides sub-microsecond synchronization across distributed systems and underpins critical infrastructure in telecommunications, finance, power systems, and industrial automation. While prior work has extensively analyzed PTP's vulnerability to network-based attacks, prompting the development of cryptographic protections and anomaly detectors, these defenses presume an uncompromised host. In this paper, we identify and exploit a critical blind spot in current threat models: kernel-level adver
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95http://www.securityfocus.com/bid/104292https://bugs.chromium.org/p/project-zero/issues/detail?id=1574https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95https://usn.ubuntu.com/3695-1/https://usn.ubuntu.com/3695-2/https://usn.ubuntu.com/3697-1/https://usn.ubuntu.com/3697-2/https://www.exploit-db.com/exploits/46208/https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95http://www.securityfocus.com/bid/104292https://bugs.chromium.org/p/project-zero/issues/detail?id=1574https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95https://usn.ubuntu.com/3695-1/https://usn.ubuntu.com/3695-2/https://usn.ubuntu.com/3697-1/https://usn.ubuntu.com/3697-2/https://www.exploit-db.com/exploits/46208/https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9
2018-05-28
Published