CVE-2018-16658Sensitive Information Exposure in Kernel

CWE-200Sensitive Information Exposure27 documents8 sources
Severity
6.1MEDIUMNVD
NVD5.5OSV7.8OSV5.9OSV5.5
EPSS
0.0%
top 97.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxCanonical Ubuntu Linux+1 more
Timeline
PublishedSep 7
Latest updateMay 14

Description

An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:HExploitability: 1.8 | Impact: 4.2

Affected Packages4 packages

NVDlinux/linux_kernel< 4.18.6+1
Debianlinux/linux_kernel< 4.18.20-1+7
Ubuntulinux/linux_kernel< 3.13.0-162.212+2
debiandebian/linux< linux 4.18.6-1 (bookworm)+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

11
GHSA
GHSA-hj3r-hcwm-9448: An issue was discovered in the Linux kernel through 42022-05-14
GHSA
GHSA-289m-2pf5-x59p: An issue was discovered in the Linux kernel before 42022-05-14
OSV
linux-azure vulnerabilities2018-11-14
OSV
linux vulnerabilities2018-11-14
OSV
linux-hwe, linux-azure, linux-gcp vulnerabilities2018-11-14

📋Vendor Advisories

11
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2018-11-14
Ubuntu
Linux kernel (Azure) vulnerabilities2018-11-14
Ubuntu
Linux kernel vulnerabilities2018-11-14
Ubuntu
Linux kernel vulnerabilities2018-11-14
Ubuntu
Linux kernel (HWE) vulnerabilities2018-11-14

💬Community

3
Bugzilla
CVE-2018-18710 kernel: Information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c2018-11-01
Bugzilla
CVE-2018-16658 kernel: Information leak in cdrom_ioctl_drive_status [fedora-all]2018-09-12
Bugzilla
CVE-2018-16658 kernel: Information leak in cdrom_ioctl_drive_status2018-09-11