Home

CVE-2018-18710

Description

An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.029

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel (USN-3819-1) linux-image-aws_4.18.0.1007.7_amd64.debLinux
Linux kernel (USN-3819-1) linux-image-gcp_4.18.0.1005.5_amd64.debLinux
Linux kernel (USN-3819-1) linux-image-gke_4.18.0.1005.5_amd64.debLinux
Linux kernel (USN-3819-1) linux-image-kvm_4.18.0.1006.6_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-aws_4.18.0.1007.7_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-gcp_4.18.0.1005.5_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-gke_4.18.0.1005.5_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-kvm_4.18.0.1006.6_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-azure_4.18.0.1007.8_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-generic_4.18.0.13.14_i386.debLinux
Linux kernel (USN-3846-1) linux-image-generic_4.18.0.13.14_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-lowlatency_4.18.0.13.14_i386.debLinux
Linux kernel (USN-3846-1) linux-image-lowlatency_4.18.0.13.14_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-4.18.0-1005-gcp_4.18.0-1005.6_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-4.18.0-1006-kvm_4.18.0-1006.6_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-4.18.0-1007-aws_4.18.0-1007.9_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-4.18.0-1007-azure_4.18.0-1007.7_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-4.18.0-13-generic_4.18.0-13.14_i386.debLinux
Linux kernel (USN-3846-1) linux-image-4.18.0-13-generic_4.18.0-13.14_amd64.debLinux
Linux kernel (USN-3846-1) linux-image-4.18.0-13-lowlatency_4.18.0-13.14_i386.debLinux
Linux kernel (USN-3846-1) linux-image-4.18.0-13-lowlatency_4.18.0-13.14_amd64.debLinux
Linux kernel (USN-3848-1) linux-image-aws_4.4.0.1074.76_amd64.debLinux
Linux kernel (USN-3848-1) linux-image-kvm_4.4.0.1039.38_amd64.debLinux
Linux kernel (USN-3848-1) linux-image-generic_4.4.0.141.147_i386.debLinux
Linux kernel (USN-3848-1) linux-image-generic_4.4.0.141.147_amd64.debLinux
Linux kernel (USN-3848-1) linux-image-lowlatency_4.4.0.141.147_i386.debLinux
Linux kernel (USN-3848-1) linux-image-lowlatency_4.4.0.141.147_amd64.debLinux
Linux kernel (USN-3848-1) linux-image-4.4.0-1039-kvm_4.4.0-1039.45_amd64.debLinux
Linux kernel (USN-3848-1) linux-image-4.4.0-1074-aws_4.4.0-1074.84_amd64.debLinux
Linux kernel (USN-3848-1) linux-image-4.4.0-141-generic_4.4.0-141.167_i386.debLinux
Linux kernel (USN-3848-1) linux-image-4.4.0-141-generic_4.4.0-141.167_amd64.debLinux
Linux kernel (USN-3848-1) linux-image-4.4.0-141-lowlatency_4.4.0-141.167_i386.debLinux
Linux kernel (USN-3848-1) linux-image-4.4.0-141-lowlatency_4.4.0-141.167_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3848-2) linux-image-aws_4.4.0.1037.37_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3848-2) linux-image-4.4.0-1037-aws_4.4.0-1037.40_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3848-2) linux-image-4.4.0-141-generic_4.4.0-141.167~14.04.1_i386.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3848-2) linux-image-4.4.0-141-generic_4.4.0-141.167~14.04.1_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3848-2) linux-image-4.4.0-141-lowlatency_4.4.0-141.167~14.04.1_i386.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-3848-2) linux-image-4.4.0-141-lowlatency_4.4.0-141.167~14.04.1_amd64.debLinux
Dtrace-modules-3.8.13-118.28.1.el6uek update (ELSA-2018-4300) dtrace-modules-3.8.13-118.28.1.el6uek-0.4.5-3.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-118.28.1.el7uek update (ELSA-2018-4300) dtrace-modules-3.8.13-118.28.1.el7uek-0.4.5-3.el7.x86_64.rpmLinux
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-18710)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234