CVE-2018-16862

Published: Nov 26, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.

Affected (5)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux · Canonical: Ubuntu Linux · +1 more

Show all products

Linux: Linux Kernel · Redhat: Enterprise Linux · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

1 product

Enterprise Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.14

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (22)

http://www.securityfocus.com/bid/106009

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

Source: secalert@redhat.com

https://lore.kernel.org/patchwork/patch/1011367/

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://seclists.org/oss-sec/2018/q4/169

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3879-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3879-2/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4094-1/

Source: secalert@redhat.com

https://usn.ubuntu.com/4118-1/

Source: secalert@redhat.com

http://www.securityfocus.com/bid/106009

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lore.kernel.org/patchwork/patch/1011367/

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://seclists.org/oss-sec/2018/q4/169

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/3879-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3879-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4094-1/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4118-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.