CVE-2018-10940 Bug in Linux Kernel up to Version 4.16.5
NEWS

CVE-2018-10940 Bug in Linux Kernel up to Version 4.16.5

Rate this post

A new critical vulnerability has been discovered in Linux kernel up to version 4.16.5, security researchers just reported. The flaw, which is given the CVE-2018-10940 identifier is said to affect the function cdrom_ioctl_media_changed of the file drivers/cdrom/cdrom.c.

Related Story: CVE-2018-8781: 8-Year-Old Linux Kernel Bug Discovered

CVE-2018-10940 Official Description

The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

More particularly, the manipulation with an unknown input leads to a memory corruption vulnerability. According to researchers:

The attack needs to be approached locally. A single authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 05/10/2018).

The exploitation of CVE-2018-10940 can lead to compromise of confidentiality, integrity and availability, researchers warned. To fix the vulnerability, users should upgrade to version 4.16.6.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...