Information Disclosure

2020-04-1000:31:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

JSON

kernel is vulnerable to informatino disclosure. A flaw was found in the ecryptfs_write_metadata_to_contents() function of the Linux kernel eCryptfs implementation. On systems with a 4096 byte page-size, this flaw may have caused 4096 bytes of uninitialized kernel memory to be written into the eCryptfs file headers, leading to an information leak. Note: Encrypted files created on systems running the vulnerable version of eCryptfs may contain leaked data in the eCryptfs file headers.

CPENameOperatorVersion
kerneleq2.6.18__92.1.6.el5
kerneleq2.6.18__8.1.3.el5
kerneleq2.6.18__92.1.18.el5
kerneleq2.6.18__92.1.13.el5
kerneleq2.6.18__8.1.3.lspp.81.el5
kerneleq2.6.18__8.1.1.el5
kerneleq2.6.18__92.el5
kerneleq2.6.18__128.1.1.el5
kerneleq2.6.18__8.1.6.el5
kerneleq2.6.18__92.1.24.el5

Name	Operator	Version
kernel	eq	2.6.18__92.1.6.el5
kernel	eq	2.6.18__8.1.3.el5
kernel	eq	2.6.18__92.1.18.el5
kernel	eq	2.6.18__92.1.13.el5
kernel	eq	2.6.18__8.1.3.lspp.81.el5
kernel	eq	2.6.18__8.1.1.el5
kernel	eq	2.6.18__92.el5
kernel	eq	2.6.18__128.1.1.el5
kernel	eq	2.6.18__8.1.6.el5
kernel	eq	2.6.18__92.1.24.el5