A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Linux Kernel Vulnerability

Linux Kernel Vulnerability

Advisory No: TZCERT/SA/2018/07/03

Date of First Release: 3rd July 2018 .

Source: Linux Kernel Organization, Cisco, Bugzilla et.c

Product Affected: Linux kernel prior to 4.16.6

Overview:

A vulnerability has been reported in Linux kernel which could allow a local attacker to read out kernel memory leading to information disclosure of sensitive information.

Description:

This vulnerability exists in the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c of the Linux Kernel due to its failure to handle incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl. A local attacker could exploit this vulnerability by executing a malicious input to the target system.

Impact:

Successful exploitation of this vulnerability could allow the attacker to read kernel memory leading to disclosure of sensitive information.

Solution:

Users and administrators are urged to apply appropriate updates and patches as mentioned in the following links:  Kernel 4.16.6 or later   and cdrom: information leak in cdrom_ioctl_media_changed()

Furthermore, system administrators are recommended to monitor their critical systems running on linux operating systems (OS) and ensure that only trusted and privileged users have access.

References:

  1. https://tools.cisco.com/security/center/viewAlert.x?alertId=58170&vs_f=Alert%20RSS&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Linux%20Kernel%20cdrom_ioctl_media_changed%20Function%20Kernel%20Memory%20Read%20Vulnerability&vs_k=1
  2. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
  3. https://bugzilla.redhat.com/show_bug.cgi?id=1577408

Check Also

Critical Vulnerability in WordPress Bricks Plug-in (CVE-2024-25600)

Advisory No: TZCERT/SA/2024/02/22 Date of First Release: 22nd February 2024 Source: WordPress plugin Bricks Builder …