CVE-2018-6559 — Sensitive Information Exposure in Ubuntu Linux

CWE-200 — Sensitive Information Exposure13 documents6 sources

Severity

3.3LOWNVD

OSV7.0

EPSS

0.1%

top 75.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Debian Linux

Timeline

PublishedOct 26

Latest updateMay 13

Description

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶Ubuntulinux/linux_kernel< 4.15.0-42.45

▶debiandebian/linux

Also affects: Ubuntu Linux 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

GHSA-ff3j-qf4h-7gcp: The Linux kernel, as used in Ubuntu 18↗2022-05-13

▶

OSV

linux-hwe, linux-gcp vulnerabilities↗2018-12-04

▶

OSV

linux, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities↗2018-12-03

▶

OSV

linux-aws vulnerabilities↗2018-11-30

▶

OSV

CVE-2018-6559: The Linux kernel, as used in Ubuntu 18↗2018-10-18

▶

📋Vendor Advisories

Ubuntu

Linux kernel (HWE) vulnerabilities↗2018-12-04

▶

Ubuntu

Linux kernel vulnerabilities↗2018-12-03

▶

Ubuntu

Linux kernel vulnerabilities↗2018-12-03

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2018-11-30

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2018-11-30

▶

📄Research Papers

arXiv

The Ideal Versus the Real: Revisiting the History of Virtual Machines and Containers↗2019-04-27

▶