UBUNTU-CVE-2018-11508
Advisory lineage Upstream: 1 Downstream: 3
Upstream
Downstream
Published: 28 May 2018, 00:00
Last modified:22 Apr 2026, 11:42
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
28 May 2018, 00:00
Published
Vulnerability first disclosed
22 Apr 2026, 11:42
Last Modified
Vulnerability information updated
Description
The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.
CVSS Metrics
- v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Systems
- ubuntu•linux
< 4.15.0-24.26
- ubuntu•linux-aws
< 4.15.0-1011.11
- ubuntu•linux-azure
< 4.15.0-1014.14~16.04.1 | < 4.15.0-1014.14
- ubuntu•linux-gcp
< 4.15.0-1014.14~16.04.1 | < 4.15.0-1010.10
- ubuntu•linux-hwe
< 4.15.0-24.26~16.04.1
- ubuntu•linux-kvm
< 4.15.0-1012.12
- ubuntu•linux-oem
< 4.13.0-1031.35 | < 4.15.0-1009.12
- ubuntu•linux-raspi2
< 4.15.0-1013.14
References (10)
- https://ubuntu.com/security/CVE-2018-11508
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1574
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95
- https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9
- https://ubuntu.com/security/notices/USN-3695-1
- https://ubuntu.com/security/notices/USN-3695-2
- https://ubuntu.com/security/notices/USN-3697-1
- https://ubuntu.com/security/notices/USN-3697-2
- https://www.cve.org/CVERecord?id=CVE-2018-11508