CVE-2018-11508: Infoleak
First published: Mon May 28 2018(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <4.16.9 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| Canonical Ubuntu Linux | =18.04 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95
- http://www.securityfocus.com/bid/104292
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1574
- https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95
- https://usn.ubuntu.com/3695-1/
- https://usn.ubuntu.com/3695-2/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://www.exploit-db.com/exploits/46208/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9
- https://launchpad.net/bugs/cve/CVE-2018-11508
- https://git.kernel.org/linus/0a0b98734479aa5b3c671d5190e86273372cab95
- https://security-tracker.debian.org/tracker/CVE-2018-11508
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11508
- https://nvd.nist.gov/vuln/detail/CVE-2018-11508
- https://ubuntu.com/security/CVE-2018-11508
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-11508.
What is the description of the vulnerability?
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
Which versions of Linux kernel are affected by this vulnerability?
Versions of the Linux kernel before 4.16.9 are affected by this vulnerability.
How can local users exploit this vulnerability?
Local users can exploit this vulnerability by using adjtimex to obtain sensitive information from kernel memory.
How can I fix this vulnerability?
To fix this vulnerability, update the Linux kernel to version 4.17 or later.
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- version/canonical ubuntu linux/18.04
- package-manager/debian