CVE-2018-7754
Severity CVSS v4.0:
Pending analysis
Type:
CWE-532
Information Exposure Through Log Files
Publication date:
10/08/2018
Last modified:
17/06/2026
Description
The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | |
| cpe:2.3:o:linux:linux_kernel:4.16:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.16:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.16:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:4.16:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421
- https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-7754.md
- https://elixir.bootlin.com/linux/v4.16-rc4/source/drivers/block/aoe/aoeblk.c#L421
- https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-7754.md



