CVE-2018-16862: Sensitive Information Exposure in Linux

Severity: 5.5 MEDIUM (NVD), OSV 3.3
EPSS: 0.0% (top 93.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 26, latest update May 14

Description

A security flaw was found in the way the Linux kernel's cleancache subsystem clears an inode after the final file truncation (removal). A new file created with the same inode may contain leftover pages from cleancache, exposing the old file's data instead of the new file's.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

Debian: linux/linux_kernel < 4.19.9-1 +3
Ubuntu: linux/linux_kernel < 4.4.0-142.168 +1
debian: debian/linux < linux 4.19.9-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, Enterprise Linux 7.0

Patches

🔴 Vulnerability Details (6)

GHSA (2022-05-14): GHSA-8mfm-2wff-rgp2: A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal)
OSV (2019-09-02): linux-aws vulnerabilities
OSV (2019-08-13): linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
OSV (2019-02-04): linux-lts-xenial, linux-aws vulnerabilities
OSV (2019-02-04): linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

📋 Vendor Advisories (6)

Ubuntu (2019-09-02): Linux kernel (AWS) vulnerabilities
Ubuntu (2019-08-13): Linux kernel vulnerabilities
Ubuntu (2019-02-04): Linux kernel (Xenial HWE) vulnerabilities
Ubuntu (2019-02-04): Linux kernel vulnerabilities
Red Hat (2018-11-24): kernel: cleancache: Infoleak of deleted files after reuse of old inodes

💬 Community (2)

Bugzilla (2018-11-26): CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes [fedora-all]
Bugzilla (2018-11-12): CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes