CVE-2018-6412

Опубликовано: 31 янв. 2018

Источник: redhat

CVSS3: 3.3

Описание

In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.

In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel, up to and including 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.

Отчет

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE, as the code with the flaw is not built and is not shipped with the products listed.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-194

https://bugzilla.redhat.com/show_bug.cgi?id=1541240kernel: Incorrect integer signedness in sbuslibc:sbusfb_ioctl_helper() allows for information leakage

3.3 Low

CVSS3

Связанные уязвимости

CVE-2018-6412

CVSS3: 7.5

ubuntu

около 8 лет назад

CVE-2018-6412

CVSS3: 7.5

nvd

около 8 лет назад

CVE-2018-6412

CVSS3: 7.5

debian

около 8 лет назад

In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c ...

GHSA-2gc2-cm86-3pjx

CVSS3: 7.5

github

больше 3 лет назад

3.3 Low

CVSS3