Vulnerability Details CVE-2018-20449
The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- https://elixir.bootlin.com/linux/v4.14.90/source/drivers/dma/qcom/hidma_dbg.c#L92
- https://security.netapp.com/advisory/ntap-20190502-0002/
- https://www.mail-archive.com/debian-security-tracker%40lists.debian.org/msg03808.html
- https://elixir.bootlin.com/linux/v4.14.90/source/drivers/dma/qcom/hidma_dbg.c#L92
- https://security.netapp.com/advisory/ntap-20190502-0002/
- https://www.mail-archive.com/debian-security-tracker%40lists.debian.org/msg03808.html
Products affected by CVE-2018-20449
-
cpe:2.3:a:netapp:element_software_management_node:-
-
cpe:2.3:o:linux:linux_kernel:4.14.90