CVE-2018-18710

medium

Description

An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276

http://www.securityfocus.com/bid/106041

https://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://usn.ubuntu.com/3846-1/

https://usn.ubuntu.com/3847-1/

https://usn.ubuntu.com/3847-2/

https://usn.ubuntu.com/3847-3/

https://usn.ubuntu.com/3848-1/

https://usn.ubuntu.com/3848-2/

https://usn.ubuntu.com/3849-1/

https://usn.ubuntu.com/3849-2/

Details

Source: MITRE

Published: 2018-10-29

Updated: 2019-04-03

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 131845 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353) | Nessus | Huawei Local Security Checks | critical |
| 125514 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1587) | Nessus | Huawei Local Security Checks | high |
| 125283 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 124834 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512) | Nessus | Huawei Local Security Checks | high |
| 124795 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1471) | Nessus | Huawei Local Security Checks | high |
| 123867 | EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1181) | Nessus | Huawei Local Security Checks | medium |
| 123864 | EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1178) | Nessus | Huawei Local Security Checks | medium |
| 123630 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1156) | Nessus | Huawei Local Security Checks | medium |
| 123420 | Debian DLA-1731-2 : linux regression update (Spectre) | Nessus | Debian Local Security Checks | medium |
| 123366 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-893) | Nessus | SuSE Local Security Checks | high |
| 122879 | Debian DLA-1715-1 : linux-4.9 security update (Spectre) | Nessus | Debian Local Security Checks | high |
| 122343 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1) | Nessus | SuSE Local Security Checks | high |
| 121571 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0224-1) | Nessus | SuSE Local Security Checks | high |
| 121505 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01) | Nessus | Slackware Local Security Checks | high |
| 121468 | SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1) | Nessus | SuSE Local Security Checks | high |
| 121208 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0095-1) | Nessus | SuSE Local Security Checks | high |
| 120913 | Fedora 29 : kernel / kernel-headers / kernel-tools (2018-f55c305488) | Nessus | Fedora Local Security Checks | medium |
| 120249 | Fedora 28 : kernel / kernel-headers / kernel-tools (2018-1621b2204a) | Nessus | Fedora Local Security Checks | medium |
| 119832 | Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1) | Nessus | Ubuntu Local Security Checks | high |
| 119831 | Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3848-2) | Nessus | Ubuntu Local Security Checks | critical |
| 119830 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3848-1) | Nessus | Ubuntu Local Security Checks | critical |
| 119829 | Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3847-3) | Nessus | Ubuntu Local Security Checks | high |
| 119828 | Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3847-2) | Nessus | Ubuntu Local Security Checks | high |
| 119827 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3847-1) | Nessus | Ubuntu Local Security Checks | high |
| 119826 | Ubuntu 18.10 : Linux kernel vulnerability (USN-3846-1) | Nessus | Ubuntu Local Security Checks | medium |
| 119813 | Amazon Linux AMI : kernel (ALAS-2018-1133) | Nessus | Amazon Linux Local Security Checks | medium |
| 119787 | Amazon Linux 2 : kernel (ALAS-2018-1133) | Nessus | Amazon Linux Local Security Checks | medium |
| 119647 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:4069-1) | Nessus | SuSE Local Security Checks | high |
| 119638 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4304) | Nessus | Oracle Linux Local Security Checks | high |
| 119567 | Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4301) | Nessus | Oracle Linux Local Security Checks | high |
| 119535 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4300) | Nessus | Oracle Linux Local Security Checks | high |
| 119292 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0284) | Nessus | OracleVM Local Security Checks | medium |
| 119286 | SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3934-1) | Nessus | SuSE Local Security Checks | high |
| 119279 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4288) | Nessus | Oracle Linux Local Security Checks | medium |
| 119158 | Fedora 27 : kernel / kernel-headers / kernel-tools (2018-b68776e5b0) | Nessus | Fedora Local Security Checks | medium |
| 119077 | openSUSE Security Update : the Linux Kernel (openSUSE-2018-1427) | Nessus | SuSE Local Security Checks | high |
| 119064 | EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1373) | Nessus | Huawei Local Security Checks | medium |
| 118952 | SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3746-1) | Nessus | SuSE Local Security Checks | high |
| 118882 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3689-1) | Nessus | SuSE Local Security Checks | high |
| 118818 | openSUSE Security Update : the Linux Kernel (openSUSE-2018-1342) | Nessus | SuSE Local Security Checks | high |