Vulnerability Details : CVE-2018-16862
A security flaw was found in the way the Linux kernel's cleancache subsystem clears an inode after the final file truncation (removal). A new file created with the same inode may contain leftover pages from cleancache, exposing the old file's data instead of the new file's.
Vulnerability category: Information leak
Products affected by CVE-2018-16862
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16862
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 25%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-16862
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N | 1.0 | 4.2 | Red Hat, Inc. | |
CWE ids for CVE-2018-16862
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary), secalert@redhat.com (Secondary)
References for CVE-2018-16862
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
  [SECURITY] [DLA 1715-1] linux-4.9 security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/4094-1/
  USN-4094-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://usn.ubuntu.com/4118-1/
  USN-4118-1: Linux kernel (AWS) vulnerabilities | Ubuntu security notices
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
  [SECURITY] [DLA 1731-2] linux regression update
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862
  1649017 – (CVE-2018-16862) CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes (Issue Tracking; Third Party Advisory)
- https://seclists.org/oss-sec/2018/q4/169
  oss-sec: CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak (Mailing List; Third Party Advisory)
- http://www.securityfocus.com/bid/106009
  Linux Kernel CVE-2018-16862 Local Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
  [SECURITY] [DLA 1731-1] linux security update (Mailing List; Third Party Advisory)
- https://usn.ubuntu.com/3879-2/
  USN-3879-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://lore.kernel.org/patchwork/patch/1011367/
  mm: cleancache: fix corruption on missed inode invalidation - Patchwork (Issue Tracking; Patch; Vendor Advisory)
- https://usn.ubuntu.com/3879-1/
  USN-3879-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)