CVE-2018-10940
kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
La función cdrom_ioctl_media_changed en drivers/cdrom/cdrom.c en el kernel de Linux en versiones anteriores a la 4.16.6 permite que atacantes locales empleen una comprobación de límites incorrecta en el ioctl CDROM_MEDIA_CHANGED del controlador CDROM para leer la memoria del kernel.
A flaw was found in the Linux kernel, before 4.16.6 where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
USN-3676-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-09 CVE Reserved
- 2018-05-09 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104154 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html | Mailing List |
|
| https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6 | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2948 | 2018-10-31 | |
| https://access.redhat.com/errata/RHSA-2018:3083 | 2018-10-31 | |
| https://access.redhat.com/errata/RHSA-2018:3096 | 2018-10-31 | |
| https://usn.ubuntu.com/3676-1 | 2018-10-31 | |
| https://usn.ubuntu.com/3676-2 | 2018-10-31 | |
| https://usn.ubuntu.com/3695-1 | 2018-10-31 | |
| https://usn.ubuntu.com/3695-2 | 2018-10-31 | |
| https://usn.ubuntu.com/3754-1 | 2018-10-31 | |
| https://access.redhat.com/security/cve/CVE-2018-10940 | 2018-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1577408 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.16.6 Search vendor "Linux" for product "Linux Kernel" and version " < 4.16.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||