製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel におけるバッファエラーの脆弱性

Title	Linux Kernel におけるバッファエラーの脆弱性
Summary	Linux Kernel には、バッファエラーの脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 29, 2018, midnight
Registration Date	June 29, 2018, 5:35 p.m.
Last Update	June 29, 2018, 5:35 p.m.

CVSS3.0 : 警告
Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
Score	4.9
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:C

Affected System

Debian

Debian GNU/Linux

Linux

Linux Kernel 4.16.6 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-10940	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10940
National Vulnerability Database (NVD)
2	CVE-2018-10940	https://nvd.nist.gov/vuln/detail/CVE-2018-10940

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
ChangeLog
1	ChangeLog-4.16.6	https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6
Debian
2	[SECURITY] [DLA 1392-1] linux security update	https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
GitHub
3	cdrom: information leak in cdrom_ioctl_media_changed()	https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
Linux Kernel
4	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
5	cdrom: information leak in cdrom_ioctl_media_changed()	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707

Change Log

No	Changed Details	Date of change
1	[2018年06月29日] 掲載	June 29, 2018, 5:35 p.m.

NVD Vulnerability Information

CVE-2018-10940

Summary	The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
Publication Date	May 10, 2018, 2:29 a.m.
Registration Date	March 1, 2021, 6:44 p.m.
Last Update	Nov. 21, 2024, 12:42 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::					4.16.6

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:7.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707	Patch
2	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707	Patch
3	http://www.securityfocus.com/bid/104154	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/104154	Third Party Advisory VDB Entry
5	https://access.redhat.com/errata/RHSA-2018:2948
6	https://access.redhat.com/errata/RHSA-2018:2948
7	https://access.redhat.com/errata/RHSA-2018:3083
8	https://access.redhat.com/errata/RHSA-2018:3083
9	https://access.redhat.com/errata/RHSA-2018:3096
10	https://access.redhat.com/errata/RHSA-2018:3096
11	https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707	Patch
12	https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707	Patch
13	https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html	Third Party Advisory
14	https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html	Third Party Advisory
15	https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
16	https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
17	https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
18	https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
19	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
20	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
21	https://usn.ubuntu.com/3676-1/	Third Party Advisory
22	https://usn.ubuntu.com/3676-1/	Third Party Advisory
23	https://usn.ubuntu.com/3676-2/	Third Party Advisory
24	https://usn.ubuntu.com/3676-2/	Third Party Advisory
25	https://usn.ubuntu.com/3695-1/
26	https://usn.ubuntu.com/3695-1/
27	https://usn.ubuntu.com/3695-2/
28	https://usn.ubuntu.com/3695-2/
29	https://usn.ubuntu.com/3754-1/
30	https://usn.ubuntu.com/3754-1/
31	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6	Release Notes
32	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6	Release Notes

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html