CVE-2018-5750

Description

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
• v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.04%• Percentile: 11%

Techniques & Countermeasures

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

• canonical•ubuntu_linux

  12.04 | 14.04 | 16.04 | 17.10

• debian•debian_linux

  7.0 | 8.0 | 9.0

• linux•linux_kernel

  ≤ 4.14.15

• redhat•enterprise_linux_desktop

  7.0

• redhat•enterprise_linux_server

  7.0

• redhat•enterprise_linux_server_aus

  7.6

• redhat•enterprise_linux_server_eus

  7.6

• redhat•enterprise_linux_server_tus

  7.6

• redhat•enterprise_linux_workstation

  7.0

• redhat•virtualization_host

  4.0

References (14)

• https://usn.ubuntu.com/3631-2/
• https://www.debian.org/security/2018/dsa-4187
• http://www.securitytracker.com/id/1040319
• https://usn.ubuntu.com/3631-1/
• https://www.debian.org/security/2018/dsa-4120
• https://usn.ubuntu.com/3697-1/
• https://access.redhat.com/errata/RHSA-2018:1062
• https://access.redhat.com/errata/RHSA-2018:2948
• https://usn.ubuntu.com/3697-2/
• https://access.redhat.com/errata/RHSA-2018:0676
• https://patchwork.kernel.org/patch/10174835/
• https://usn.ubuntu.com/3698-1/
• https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
• https://usn.ubuntu.com/3698-2/