The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
References
Link | Resource |
---|---|
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9 | Release Notes Vendor Advisory |
https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95 | Patch Third Party Advisory |
https://bugs.chromium.org/p/project-zero/issues/detail?id=1574 | Exploit Issue Tracking Third Party Advisory |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/104292 | Third Party Advisory VDB Entry |
https://usn.ubuntu.com/3697-2/ | Third Party Advisory |
https://usn.ubuntu.com/3697-1/ | Third Party Advisory |
https://usn.ubuntu.com/3695-2/ | Third Party Advisory |
https://usn.ubuntu.com/3695-1/ | Third Party Advisory |
https://www.exploit-db.com/exploits/46208/ | Exploit Third Party Advisory VDB Entry |
Information
Published : 2018-05-28 06:29
Updated : 2019-03-27 09:11
NVD link : CVE-2018-11508
Mitre link : CVE-2018-11508
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
canonical
- ubuntu_linux
linux
- linux_kernel