CVE-2018-16862

medium

Description

A security flaw was found in the way the Linux kernel's cleancache subsystem clears an inode after the final file truncation (removal). A new file created with the same inode may then contain leftover pages from cleancache, holding the old file's data instead of the new file's.

References

http://www.securityfocus.com/bid/106009

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://lore.kernel.org/patchwork/patch/1011367/

https://seclists.org/oss-sec/2018/q4/169

https://usn.ubuntu.com/3879-1/

https://usn.ubuntu.com/3879-2/

https://usn.ubuntu.com/4094-1/

https://usn.ubuntu.com/4118-1/

Details

Source: MITRE

Published: 2018-11-26

Updated: 2019-04-01

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

28 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 128478 | Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1) | Nessus | Ubuntu Local Security Checks | critical |
| 127889 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1) | Nessus | Ubuntu Local Security Checks | high |
| 124834 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512) | Nessus | Huawei Local Security Checks | high |
| 124806 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1482) | Nessus | Huawei Local Security Checks | high |
| 124430 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1303) | Nessus | Huawei Local Security Checks | high |
| 124398 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1302) | Nessus | Huawei Local Security Checks | high |
| 123727 | EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1259) | Nessus | Huawei Local Security Checks | high |
| 123630 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1156) | Nessus | Huawei Local Security Checks | medium |
| 123420 | Debian DLA-1731-2 : linux regression update (Spectre) | Nessus | Debian Local Security Checks | medium |
| 122879 | Debian DLA-1715-1 : linux-4.9 security update (Spectre) | Nessus | Debian Local Security Checks | high |
| 122837 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0009) | Nessus | OracleVM Local Security Checks | high |
| 122803 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4575) | Nessus | Oracle Linux Local Security Checks | high |
| 122802 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4570) | Nessus | Oracle Linux Local Security Checks | medium |
| 122609 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1) | Nessus | SuSE Local Security Checks | high |
| 122343 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1) | Nessus | SuSE Local Security Checks | high |
| 121633 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-140) | Nessus | SuSE Local Security Checks | high |
| 121597 | Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3879-2) | Nessus | Ubuntu Local Security Checks | medium |
| 121596 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3879-1) | Nessus | Ubuntu Local Security Checks | medium |
| 121571 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1) | Nessus | SuSE Local Security Checks | high |
| 121569 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0222-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 121505 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01) | Nessus | Slackware Local Security Checks | high |
| 121466 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0196-1) | Nessus | SuSE Local Security Checks | high |
| 121344 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0148-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 121289 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-65) | Nessus | SuSE Local Security Checks | high |
| 120585 | Fedora 29 : kernel / kernel-headers / kernel-tools (2018-87ba0312c2) | Nessus | Fedora Local Security Checks | medium |
| 120352 | Fedora 28 : kernel / kernel-headers / kernel-tools (2018-3857a8b41a) | Nessus | Fedora Local Security Checks | medium |
| 119813 | Amazon Linux AMI : kernel (ALAS-2018-1133) | Nessus | Amazon Linux Local Security Checks | medium |
| 119787 | Amazon Linux 2 : kernel (ALAS-2018-1133) | Nessus | Amazon Linux Local Security Checks | medium |