CVE-2018-16658

CVSS v3.0 6.1 (Medium)

CVSS v2.0 3.6 (Low)

EPSS 0.04 % (11^th)

Affected Products 3

Advisories 33

An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Related CVEs

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-09-07 14:29:03
(6 years ago)
Updated Date: 2019-08-06 17:15:28
(5 years ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 4.18.6 version	cpe:2.3:o:linux:linux_kernel		< 4.18.6

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:esm
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts

Configuration #3

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Weaknesses

Related CVEs

Affected Products

Canonical

Debian

Linux

Configuration #1

Configuration #2

Configuration #3