A new critical vulnerability has been discovered in Linux kernel up to version 4.16.5, security researchers just reported. The flaw, which is given the CVE-2018-10940 identifier is said to affect the function cdrom_ioctl_media_changed of the file drivers/cdrom/cdrom.c.
CVE-2018-10940 Official Description
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
More particularly, the manipulation with an unknown input leads to a memory corruption vulnerability. According to researchers:
The attack needs to be approached locally. A single authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 05/10/2018).
The exploitation of CVE-2018-10940 can lead to compromise of confidentiality, integrity and availability, researchers warned. To fix the vulnerability, users should upgrade to version 4.16.6.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: