Back to search
CVE-2018-16862
Published: Nov 26, 2018
Modified: Aug 5, 2024
PUBLISHED
CVSS v3.0
5.3
MEDIUM
Description
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
| Vendor | Product | Versions |
|---|---|---|
[UNKNOWN] | kernel: | affected n/a |
Weaknesses (CWE)
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
References
106009
vdb-entry
x_refsource_BID
USN-3879-2
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20181123 CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak
mailing-list
x_refsource_MLIST
USN-3879-1
vendor-advisory
x_refsource_UBUNTU
https://lore.kernel.org/patchwork/patch/1011367/
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862
x_refsource_CONFIRM
[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
mailing-list
x_refsource_MLIST
USN-4094-1
vendor-advisory
x_refsource_UBUNTU
USN-4118-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now