CVSS2: 7.2 High
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 26.5%

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows
local users to obtain the names of files that they would not normally be
able to access, via an overlayfs mount inside of a user namespace.

Author | Note |
---|---|
tyhicks | This CVE is specific to Ubuntu since Ubuntu allows overlayfs mounts inside of user namespaces. This flaw was previously discovered and fixed as part of CVE-2015-1328. The fix for CVE-2015-1328 was incorrectly dropped from the Ubuntu kernel during a merge with related changes in the upstream Linux kernel. CVE-2018-6559 represents the portion of CVE-2015-1328 that was incorrectly reintroduced into the Ubuntu kernel. |

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-42.45 | UNKNOWN |
ubuntu | 18.10 | noarch | linux | < 4.18.0-12.13 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1029.30 | UNKNOWN |
ubuntu | 18.10 | noarch | linux-aws | < 4.18.0-1006.7 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 4.15.0-1035.36 | UNKNOWN |
ubuntu | 18.10 | noarch | linux-azure | < 4.18.0-1006.6 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-azure | < 4.15.0-1035.36~14.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1035.36~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-edge | < 4.15.0-1035.36 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure-edge | < 4.15.0-1035.36~16.04.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2018-6559
nvd.nist.gov/vuln/detail/CVE-2018-6559
security-tracker.debian.org/tracker/CVE-2018-6559
ubuntu.com/security/notices/USN-3832-1
ubuntu.com/security/notices/USN-3833-1
ubuntu.com/security/notices/USN-3835-1
ubuntu.com/security/notices/USN-3836-1
ubuntu.com/security/notices/USN-3836-2
www.cve.org/CVERecord?id=CVE-2018-6559