
CVE-2018-10940 Bug in Linux Kernel up to Version 4.16.5

A new critical vulnerability has been discovered in the Linux kernel up to version 4.16.5, security researchers just reported. The flaw, which has been assigned the identifier CVE-2018-10940, is said to affect the function cdrom_ioctl_media_changed in the file drivers/cdrom/cdrom.c.


CVE-2018-10940 Official Description

The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

More specifically, manipulation with an unknown input leads to a memory corruption vulnerability. According to researchers:

The attack needs to be approached locally. A single authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 05/10/2018).

The exploitation of CVE-2018-10940 can lead to compromise of confidentiality, integrity and availability, researchers warned. To fix the vulnerability, users should upgrade to version 4.16.6.
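To make the "incorrect bounds check" in the official description concrete, here is an added user-space model, not the kernel's code and not taken from the original article. It assumes the faulty check narrows the 64-bit ioctl argument to 32 bits before comparing it with the slot count (the page itself says only that the check is incorrect); NSLOTS, slot_changed and the function names are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define NSLOTS 4  /* constructed: number of changer slots in this model */

/* Constructed stand-in for per-slot state; not the kernel's structure. */
static const int slot_changed[NSLOTS] = {0, 1, 0, 1};

/* Faulty pattern: the 64-bit argument is narrowed before the comparison,
 * so any value whose low 32 bits are below capacity is accepted. */
static int check_truncating(uint64_t arg, int capacity)
{
    if ((uint32_t)arg >= (uint32_t)capacity)
        return -EINVAL;
    return 0;
}

/* Corrected pattern: compare at full width, so high bits cannot hide. */
static int check_full_width(uint64_t arg, int capacity)
{
    if (capacity < 0 || arg >= (uint64_t)capacity)
        return -EINVAL;
    return 0;
}

/* Lookup guarded by the corrected check; returns slot state or -EINVAL. */
static int media_changed(uint64_t arg)
{
    if (check_full_width(arg, NSLOTS) != 0)
        return -EINVAL;
    return slot_changed[arg];
}

int main(void)
{
    /* Constructed inputs: in range, one past the end, high bits set. */
    const uint64_t samples[] = {3, 4, (1ULL << 32) | 1};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t a = samples[i];
        printf("arg=0x%llx truncating=%d full=%d lookup=%d\n",
               (unsigned long long)a, check_truncating(a, NSLOTS),
               check_full_width(a, NSLOTS), media_changed(a));
    }
    return 0;
}
```

The third sample is the case to look for in code review: the narrowed check accepts an index far beyond the array, while the full-width check rejects it.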

Milena Dimitrova
