CVE-2018-5750 — MEDIUM (5.5)

Q: What is CVE-2018-5750?

CVE-2018-5750 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

Q: How severe is CVE-2018-5750?

CVE-2018-5750 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-5750?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Virtualization Host, Redhat Enterprise Linux Desktop.

Vulnerability Description

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 4.14.15
Debian	Debian Linux	7.0
Canonical	Ubuntu Linux	12.04
Redhat	Virtualization Host	4.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.6
Redhat	Enterprise Linux Server Eus	7.6
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Workstation	7.0

Related Weaknesses (CWE)

CWE-200

References

http://www.securitytracker.com/id/1040319Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:0676Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1062Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlMailing ListThird Party Advisory
https://patchwork.kernel.org/patch/10174835/Issue TrackingPatchThird Party Advisory
https://usn.ubuntu.com/3631-1/Third Party Advisory
https://usn.ubuntu.com/3631-2/Third Party Advisory
https://usn.ubuntu.com/3697-1/Third Party Advisory
https://usn.ubuntu.com/3697-2/Third Party Advisory
https://usn.ubuntu.com/3698-1/Third Party Advisory
https://usn.ubuntu.com/3698-2/Third Party Advisory
https://www.debian.org/security/2018/dsa-4120Third Party Advisory
https://www.debian.org/security/2018/dsa-4187Third Party Advisory
http://www.securitytracker.com/id/1040319Third Party AdvisoryVDB Entry

FAQ

What is CVE-2018-5750?

CVE-2018-5750 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

How severe is CVE-2018-5750?

CVE-2018-5750 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-5750?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Virtualization Host, Redhat Enterprise Linux Desktop.