Local File Access Vulnerability in Ubuntu Linux Kernel
CVE-2018-6559

3.3LOW

Key Information:

Vendor
CVE Published:
18 October 2018

Summary

A vulnerability in the Linux kernel, prevalent in specific Ubuntu distributions, enables local users to access filenames in restricted directories when utilizing an overlayfs mount within a user namespace. This flaw could potentially lead to sensitive information disclosure, impacting system confidentiality and user privacy.

Affected Version(s)

Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10 4.15.0-38.41

Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10 4.18.0-10.11

References

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Philipp Wendler
.