CVE-2018-14656

Sažetak

A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.

Reference

https://seclists.org/oss-sec/2018/q4/9
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=342db04ae71273322f0011384a9ed414df8bdae4
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14656
https://bugs.chromium.org/p/project-zero/issues/detail?id=1650
http://www.securitytracker.com/id/1041804
https://lore.kernel.org/lkml/20180828154901.112726-1-jannh%40google.com/T/

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 04:51

Objavljeno

08-10-2018 - 22:29