Lucene search

K

RedhatCVELIST:CVE-2018-16862

HistoryNov 26, 2018 - 7:00 p.m.

CVE-2018-16862

2018-11-2619:00:00

CWE-200

redhat

www.cve.org

7

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

26.5%

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.

CNA Affected

[
  {
    "product": "kernel:",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

www.securityfocus.com/bid/106009

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862

lists.debian.org/debian-lts-announce/2019/03/msg00017.html

lists.debian.org/debian-lts-announce/2019/03/msg00034.html

lists.debian.org/debian-lts-announce/2019/04/msg00004.html

lore.kernel.org/patchwork/patch/1011367/

seclists.org/oss-sec/2018/q4/169

usn.ubuntu.com/3879-1/

usn.ubuntu.com/3879-2/

usn.ubuntu.com/4094-1/

usn.ubuntu.com/4118-1/

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

26.5%

Related for CVELIST:CVE-2018-16862

nvd1 redhatcve1 ubuntucve1 prion1 cve1 debiancve1 openvas71 fedora49 nessus32 amazon2 oraclelinux2 ubuntu4 cloudfoundry2 mageia3 suse2 photon3 debian3 osv2 slackware1 androidsecurity1