[email protected]CVE-2018-10940

HistoryMay 09, 2018 - 5:29 p.m.

CVE-2018-10940

2018-05-0917:29:00

CWE-119

[email protected]

web.nvd.nist.gov

244

cve-2018-10940

linux kernel

cdrom driver

security vulnerability

bounds check

memory access

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

Affected configurations

NVD

Node

linuxlinux_kernelRange<4.16.6

Node

debiandebian_linuxMatch7.0

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt4.16.6

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	4.16.6

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707

www.securityfocus.com/bid/104154

access.redhat.com/errata/RHSA-2018:2948

access.redhat.com/errata/RHSA-2018:3083

access.redhat.com/errata/RHSA-2018:3096

github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707

lists.debian.org/debian-lts-announce/2018/06/msg00000.html

lists.debian.org/debian-lts-announce/2018/07/msg00015.html

lists.debian.org/debian-lts-announce/2018/07/msg00016.html

lists.debian.org/debian-lts-announce/2018/07/msg00020.html

usn.ubuntu.com/3676-1/

usn.ubuntu.com/3676-2/

usn.ubuntu.com/3695-1/

usn.ubuntu.com/3695-2/

usn.ubuntu.com/3754-1/

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for CVE-2018-10940

ubuntucve3 prion3 nvd3 debiancve3 veracode1 redhatcve1 cvelist3 cve2 openvas40 f52 nessus81 cloudfoundry1 oraclelinux5 ubuntu7 debian4 osv3 suse4 photon2 redhat3 ibm2 centos1