CVE-2018-16862

Impact:
Moderate
Public Date:
2018-11-24
CWE:
CWE-200
Bugzilla:
1649017: CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.

Find out more about CVE-2018-16862 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.3
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Attack Vector Local
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Impact Low
Availability Impact None

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 kernel-rt Not affected
Red Hat Enterprise Linux 8 kernel Will not fix
Red Hat Enterprise Linux 8 kernel-rt Will not fix
Red Hat Enterprise Linux 7 kernel-alt Will not fix
Red Hat Enterprise Linux 7 kernel Not affected
Red Hat Enterprise Linux 7 kernel-rt Not affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 5 kernel Not affected

Acknowledgements

Red Hat would like to thank Vasily Averin (Virtuozzo Kernel Team) and Pavel Tikhomirov (Virtuozzo Kernel Team) for reporting this issue.

External References

Last Modified