Cleancache Subsystem Issue in Linux Kernel by Ubuntu
CVE-2018-16862

5.3MEDIUM

Key Information:

Vendor

[unknown]

Status
Kernel:
Vendor
CVE Published:
26 November 2018

What is CVE-2018-16862?

A vulnerability exists in the Linux kernel's cleancache subsystem, which fails to properly clear an inode after a file has been truncated. This oversight can lead to situations where newly created files may unintentionally retain leftover pages from cleancache, thus leaking data from previously deleted files. As a result, sensitive information might be exposed to unauthorized users, potentially leading to significant privacy risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

kernel:

References

http://www.securityfocus.com/bid/106009
vdb-entryx_refsource_BID
https://usn.ubuntu.com/3879-2/
vendor-advisoryx_refsource_UBUNTU
https://seclists.org/oss-sec/2018/q4/169
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.