5.5

CVE-2018-7754

The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.15
LinuxLinux Kernel Version4.16 Updaterc1
LinuxLinux Kernel Version4.16 Updaterc2
LinuxLinux Kernel Version4.16 Updaterc3
LinuxLinux Kernel Version4.16 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.296
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421
Third Party Advisory
https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-7754.md
Third Party Advisory