Local File Access Vulnerability in Ubuntu Linux Kernel
CVE-2018-6559
3.3LOW
Key Information:
- Vendor
- Canonical Ltd.
- Vendor
- CVE Published:
- 18 October 2018
Summary
A vulnerability in the Linux kernel, prevalent in specific Ubuntu distributions, enables local users to access filenames in restricted directories when utilizing an overlayfs mount within a user namespace. This flaw could potentially lead to sensitive information disclosure, impacting system confidentiality and user privacy.
Affected Version(s)
Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10 4.15.0-38.41
Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10 4.18.0-10.11
References
CVSS V3.1
Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Philipp Wendler