CVE-2018-5750

Current Description

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

Basic Data

PublishedJanuary 26, 2018
Last ModifiedMarch 07, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-200
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score2.1
SeverityLOW
Exploitability Score3.9
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 3 - Attack VectorLOCAL
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredLOW
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactNONE
CVSS 3 - Base Score5.5
CVSS 3 - Base SeverityMEDIUM
Exploitability Score1.8
Base SeverityMEDIUM

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********4.14.15
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux7.0*******
    2.3OSDebianDebian Linux8.0*******
    2.3OSDebianDebian Linux9.0*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Linux12.04***esm***
    2.3OSCanonicalUbuntu Linux14.04***lts***
    2.3OSCanonicalUbuntu Linux16.04***lts***
    2.3OSCanonicalUbuntu Linux17.10*******
  • OR - Configuration 4
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatVirtualization Host4.0*******
    2.3OSRedhatEnterprise Linux Desktop7.0*******
    2.3OSRedhatEnterprise Linux Server7.0*******
    2.3OSRedhatEnterprise Linux Server Aus7.6*******
    2.3OSRedhatEnterprise Linux Server Eus7.6*******
    2.3OSRedhatEnterprise Linux Server Tus7.6*******
    2.3OSRedhatEnterprise Linux Workstation7.0*******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 7.0, 8.0, 9.0
Canonical Ubuntu Linux 12.04, 14.04, 16.04, 17.10
Redhat Enterprise Linux Workstation 7.0
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server 7.0
Linux Linux Kernel *

References

NameSourceURLTags
1040319http://www.securitytracker.com/id/1040319SECTRACKThird Party Advisory VDB Entry
RHSA-2018:0676https://access.redhat.com/errata/RHSA-2018:0676REDHATThird Party Advisory
RHSA-2018:1062https://access.redhat.com/errata/RHSA-2018:1062REDHATThird Party Advisory
RHSA-2018:2948https://access.redhat.com/errata/RHSA-2018:2948REDHATThird Party Advisory
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security updatehttps://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlMLISTMailing List Third Party Advisory
https://patchwork.kernel.org/patch/10174835/https://patchwork.kernel.org/patch/10174835/CONFIRMIssue Tracking Patch Third Party Advisory
USN-3631-1https://usn.ubuntu.com/3631-1/UBUNTUThird Party Advisory
USN-3631-2https://usn.ubuntu.com/3631-2/UBUNTUThird Party Advisory
USN-3697-1https://usn.ubuntu.com/3697-1/UBUNTUThird Party Advisory
USN-3697-2https://usn.ubuntu.com/3697-2/UBUNTUThird Party Advisory
USN-3698-1https://usn.ubuntu.com/3698-1/UBUNTUThird Party Advisory
USN-3698-2https://usn.ubuntu.com/3698-2/UBUNTUThird Party Advisory
DSA-4120https://www.debian.org/security/2018/dsa-4120DEBIANThird Party Advisory
DSA-4187https://www.debian.org/security/2018/dsa-4187DEBIANThird Party Advisory