| Revision Date: | 2018-11-26 | Version: | 1 | | Title: | CVE-2018-16862 on Ubuntu 18.10 (cosmic) - low. | | Description: | A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2018-16862
| | Platform(s): | Ubuntu 18.10
| Product(s): | | | Definition Synopsis | | Ubuntu 18.10 (cosmic) is installed. AND Package Information
linux: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-aws: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-azure: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-gcp: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-kvm: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-meta: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-meta-aws: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-meta-azure: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-meta-gcp: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-meta-kvm: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-meta-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-meta-raspi2: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-oracle: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-raspi2: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-signed: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-signed-azure: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-signed-gcp: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
OR linux-signed-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
|
|