CVE-2018-10940 Bug in Linux Kernel up to Version 4.16.5

A new critical vulnerability has been discovered in Linux kernel up to version 4.16.5, security researchers just reported. The flaw, which is given the CVE-2018-10940 identifier is said to affect the function cdrom_ioctl_media_changed of the file drivers/cdrom/cdrom.c.

CVE-2018-10940 Official Description

The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

More particularly, the manipulation with an unknown input leads to a memory corruption vulnerability. According to researchers:

The attack needs to be approached locally. A single authentication is required for exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 05/10/2018).

The exploitation of CVE-2018-10940 can lead to compromise of confidentiality, integrity and availability, researchers warned. To fix the vulnerability, users should upgrade to version 4.16.6.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys ‘Mr. Robot’ and fears ‘1984’.

More PostsWebsite

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/cve-2018-10940-linux-kernel/