Vulnerability Details CVE-2018-6559
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.2%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 2.1
References
- http://www.securityfocus.com/bid/105752
- https://launchpad.net/bugs/1793458
- https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html
- https://usn.ubuntu.com/3832-1/
- https://usn.ubuntu.com/3833-1/
- https://usn.ubuntu.com/3835-1/
- https://usn.ubuntu.com/3836-1/
- https://usn.ubuntu.com/3836-2/
- http://www.securityfocus.com/bid/105752
- https://launchpad.net/bugs/1793458
- https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html
- https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html
- https://usn.ubuntu.com/3832-1/
- https://usn.ubuntu.com/3833-1/
- https://usn.ubuntu.com/3835-1/
- https://usn.ubuntu.com/3836-1/
- https://usn.ubuntu.com/3836-2/
Products affected by CVE-2018-6559
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:linux:linux_kernel:-