CVE-2018-6559 - OpenCVE

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105752
https://launchpad.net/bugs/1793458
https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html
https://usn.ubuntu.com/3832-1/
https://usn.ubuntu.com/3833-1/
https://usn.ubuntu.com/3835-1/
https://usn.ubuntu.com/3836-1/
https://usn.ubuntu.com/3836-2/

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2018-10-26T17:00:00Z

Updated: 2024-09-16T19:19:23.303Z

Reserved: 2018-02-02T00:00:00

Link: CVE-2018-6559

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-10-26T17:29:00.413

Modified: 2019-10-09T23:41:54.893

Link: CVE-2018-6559

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10", "vendor": "Canonical Ltd.", "versions": [{"status": "affected", "version": "4.15.0-38.41"}, {"status": "affected", "version": "4.18.0-10.11"}]}], "credits": [{"lang": "en", "value": "Philipp Wendler"}], "datePublic": "2018-10-18T00:00:00", "descriptions": [{"lang": "en", "value": "The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-12-04T10:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "105752", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105752"}, {"name": "USN-3836-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3836-2/"}, {"name": "USN-3835-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3835-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html"}, {"name": "USN-3833-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3833-1/"}, {"name": "USN-3832-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3832-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/bugs/1793458"}, {"name": "USN-3836-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3836-1/"}], "source": {"discovery": "UNKNOWN"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2018-10-18T00:00:00.000Z", "ID": "CVE-2018-6559", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10", "version": {"version_data": [{"affected": "=", "version_affected": "=", "version_value": "4.15.0-38.41"}, {"affected": "=", "version_affected": "=", "version_value": "4.18.0-10.11"}]}}]}, "vendor_name": "Canonical Ltd."}]}}, "credit": [{"lang": "eng", "value": "Philipp Wendler"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Information Exposure"}]}]}, "references": {"reference_data": [{"name": "105752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105752"}, {"name": "USN-3836-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3836-2/"}, {"name": "USN-3835-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3835-1/"}, {"name": "https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html", "refsource": "CONFIRM", "url": "https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html"}, {"name": "https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html", "refsource": "CONFIRM", "url": "https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html"}, {"name": "USN-3833-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3833-1/"}, {"name": "USN-3832-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3832-1/"}, {"name": "https://launchpad.net/bugs/1793458", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/1793458"}, {"name": "USN-3836-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3836-1/"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:10:10.381Z"}, "title": "CVE Program Container", "references": [{"name": "105752", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105752"}, {"name": "USN-3836-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3836-2/"}, {"name": "USN-3835-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3835-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html"}, {"name": "USN-3833-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3833-1/"}, {"name": "USN-3832-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3832-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/bugs/1793458"}, {"name": "USN-3836-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3836-1/"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2018-6559", "datePublished": "2018-10-26T17:00:00Z", "dateReserved": "2018-02-02T00:00:00", "dateUpdated": "2024-09-16T19:19:23.303Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace."}, {"lang": "es", "value": "El kernel de Linux, tal y como se emplea en Ubuntu 18.04 LTS y Ubuntu 18.10, permite que usuarios locales obtengan los nombres de archivos a los que normalmente no podr\u00edan acceder mediante un montaje overlayfs dentro de un espacio de nombre de usuario."}], "id": "CVE-2018-6559", "lastModified": "2019-10-09T23:41:54.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-26T17:29:00.413", "references": [{"source": "security@ubuntu.com", "tags": ["VDB Entry", "Third Party Advisory"], "url": "http://www.securityfocus.com/bid/105752"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1793458"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3832-1/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3833-1/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3835-1/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3836-1/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3836-2/"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@ubuntu.com", "type": "Secondary"}]}