CVE-2018-20449 - OpenCVE

The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Netapp	Element Software Management Node

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:4.14.90:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://elixir.bootlin.com/linux/v4.14.90/source/drivers/dma/qcom/hidma_dbg.c#L92
https://nvd.nist.gov/vuln/detail/CVE-2018-20449
https://security.netapp.com/advisory/ntap-20190502-0002/
https://www.cve.org/CVERecord?id=CVE-2018-20449
https://www.mail-archive.com/debian-security-tracker%40lists.debian.org/msg03808.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-04T15:25:30

Updated: 2024-08-05T11:58:19.359Z

Reserved: 2018-12-25T00:00:00

Link: CVE-2018-20449

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-04T16:29:00.383

Modified: 2023-11-07T02:56:17.440

Link: CVE-2018-20449

Redhat

Severity : Low

Publid Date: 2019-01-22T00:00:00Z

Links: CVE-2018-20449 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading \"callback=\" lines in a debugfs file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-02T09:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://elixir.bootlin.com/linux/v4.14.90/source/drivers/dma/qcom/hidma_dbg.c#L92"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mail-archive.com/debian-security-tracker%40lists.debian.org/msg03808.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190502-0002/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20449", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading \"callback=\" lines in a debugfs file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://elixir.bootlin.com/linux/v4.14.90/source/drivers/dma/qcom/hidma_dbg.c#L92", "refsource": "CONFIRM", "url": "https://elixir.bootlin.com/linux/v4.14.90/source/drivers/dma/qcom/hidma_dbg.c#L92"}, {"name": "https://www.mail-archive.com/debian-security-tracker@lists.debian.org/msg03808.html", "refsource": "MISC", "url": "https://www.mail-archive.com/debian-security-tracker@lists.debian.org/msg03808.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190502-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190502-0002/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:58:19.359Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://elixir.bootlin.com/linux/v4.14.90/source/drivers/dma/qcom/hidma_dbg.c#L92"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mail-archive.com/debian-security-tracker%40lists.debian.org/msg03808.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190502-0002/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20449", "datePublished": "2019-04-04T15:25:30", "dateReserved": "2018-12-25T00:00:00", "dateUpdated": "2024-08-05T11:58:19.359Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:4.14.90:*:*:*:*:*:*:*", "matchCriteriaId": "0AFADFA1-25D0-4DF0-8D61-E8C24E524E68", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "E902EEC6-9A41-4FBC-8D81-891DF846A5CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading \"callback=\" lines in a debugfs file."}, {"lang": "es", "value": "La funci\u00f3n hidma_chan_stats en drivers/dma/qcom/hidma_dbg.c en el kernel de Linux, en su versi\u00f3n 4.14.90, permite a los usuarios locales obtener informaci\u00f3n sensible de direcciones, leyendo l\u00edneas \"callback=\" en un archivo debugfs."}], "id": "CVE-2018-20449", "lastModified": "2023-11-07T02:56:17.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-04T16:29:00.383", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://elixir.bootlin.com/linux/v4.14.90/source/drivers/dma/qcom/hidma_dbg.c#L92"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190502-0002/"}, {"source": "cve@mitre.org", "url": "https://www.mail-archive.com/debian-security-tracker%40lists.debian.org/msg03808.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: reading \"callback=\" lines in a debugfs file in drivers/dma/qcom/hidma_dbg.c results in information disclosure", "id": "1696604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696604"}, "csaw": false, "cvss3": {"cvss3_base_score": "1.9", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading \"callback=\" lines in a debugfs file.", "The hidma_chan_stats() function in the drivers/dma/qcom/hidma_dbg.c file in the Linux kernel allows local users to obtain sensitive address information by reading \"callback=\" lines in a debugfs file. By default, the debugfs filesystem access is restricted so only a privileged user can access it."], "name": "CVE-2018-20449", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-01-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-20449\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20449"], "threat_severity": "Low"}