Local File Access Vulnerability in Ubuntu Linux Kernel
CVE-2018-6559

3.3LOW

Key Information:

Vendor
Canonical Ltd.
Status
Linux Kernel, As Used In Ubuntu 18.04 Lts And Ubuntu 18.10
Vendor
CVE Published:
18 October 2018

Summary

A vulnerability in the Linux kernel, prevalent in specific Ubuntu distributions, enables local users to access filenames in restricted directories when utilizing an overlayfs mount within a user namespace. This flaw could potentially lead to sensitive information disclosure, impacting system confidentiality and user privacy.

Affected Version(s)

Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10 4.15.0-38.41

Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10 4.18.0-10.11

References

http://www.securityfocus.com/bid/105752
vdb-entryx_refsource_BID
https://usn.ubuntu.com/3836-2/
vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3835-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Philipp Wendler
.