CVE-2018-18710

Published: 29 October 2018

An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.

From the Ubuntu security team

It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory).

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.15.0-43.46)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.4.0-141.167)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (3.13.0-164.214)
	Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
linux-aws Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.15.0-1031.33)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.4.0-1074.84)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (4.4.0-1037.40)
linux-aws-hwe Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.15.0-1031.33~16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-azure Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.15.0-1036.38)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.15.0-1036.38~16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (4.15.0-1036.38~14.04.2)
linux-azure-edge Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.15.0-1036.38)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.15.0-1036.38~16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-euclid Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Ignored (was needs-triage ESM criteria)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-flo Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Ignored (abandoned)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [abandoned])
linux-gcp Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.15.0-1026.27)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.15.0-1026.27~16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-gcp-edge Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.18.0-1005.6~18.04.1)
	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-gke Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Ignored (end-of-life)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-goldfish Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Ignored (end-of-life)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [abandoned])
linux-grouper Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [abandoned])
linux-hwe Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.18.0-13.14~18.04.1)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.15.0-43.46~16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-hwe-edge Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (5.0.0-8.9~18.04.1)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.15.0-43.46~16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-kvm Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.15.0-1028.28)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.4.0-1039.45)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-lts-trusty Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-lts-utopic Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [out of standard support])
linux-lts-vivid Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [out of standard support])
linux-lts-wily Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [out of standard support])
linux-lts-xenial Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (4.4.0-141.167~14.04.1)
linux-maguro Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [abandoned])
linux-mako Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Ignored (abandoned)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [abandoned])
linux-manta Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Does not exist
	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [abandoned])
linux-oem Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.15.0-1030.35)
	Ubuntu 16.04 LTS (Xenial Xerus)	Ignored (was needs-triage now end-of-life)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-oracle Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable (4.15.0-1007.9)
	Ubuntu 16.04 LTS (Xenial Xerus)	Not vulnerable (4.15.0-1007.9~16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-raspi2 Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (4.15.0-1030.32)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.4.0-1102.110)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-snapdragon Launchpad, Ubuntu, Debian	Upstream	Released (4.20~rc1)



	Ubuntu 18.04 LTS (Bionic Beaver)	Not vulnerable
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (4.4.0-1106.111)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM