CVE-2018-18710Sensitive Information Exposure in Linux

CWE-200Sensitive Information Exposure21 documents7 sources
Severity
5.5MEDIUMNVD
OSV9.8OSV7.8
EPSS
0.0%
top 91.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxCanonical Ubuntu Linux+1 more
Timeline
PublishedOct 29
Latest updateMay 14

Description

An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debianlinux/linux_kernel< 4.18.20-1+3
Ubuntulinux/linux_kernel< 3.13.0-164.214+2
debiandebian/linux< linux 4.18.20-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

8
GHSA
GHSA-hj3r-hcwm-9448: An issue was discovered in the Linux kernel through 42022-05-14
OSV
linux vulnerabilities2018-12-20
OSV
linux-azure vulnerabilities2018-12-20
OSV
linux-lts-xenial, linux-aws vulnerabilities2018-12-20
OSV
linux-hwe, linux-aws-hwe, linux-azure, linux-gcp vulnerabilities2018-12-20

📋Vendor Advisories

10
Ubuntu
Linux kernel (HWE) vulnerabilities2018-12-20
Ubuntu
Linux kernel vulnerabilities2018-12-20
Ubuntu
Linux kernel vulnerabilities2018-12-20
Ubuntu
Linux kernel vulnerability2018-12-20
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2018-12-20

💬Community

2
Bugzilla
CVE-2018-18710 kernel: Information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c [fedora-all]2018-11-09
Bugzilla
CVE-2018-18710 kernel: Information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c2018-11-01