The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.
http://www.securityfocus.com/bid/105045
https://github.com/johnsonwangqize/cve-linux/blob/master/%20CVE-2018-5953.md
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
Source: MITRE
Published: 2018-08-07
Updated: 2021-01-28
Type: CWE-200
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.14.14 (inclusive)
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
137128 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0019) | Nessus | OracleVM Local Security Checks | high |
135574 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5649) | Nessus | Oracle Linux Local Security Checks | medium |
135432 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5644) | Nessus | Oracle Linux Local Security Checks | low |
135381 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5642) | Nessus | Oracle Linux Local Security Checks | medium |
124977 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1524) | Nessus | Huawei Local Security Checks | high |
123420 | Debian DLA-1731-2 : linux regression update (Spectre) | Nessus | Debian Local Security Checks | high |