Vulnerability Description
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 4.15 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c (Patch, Vendor Advisory)
- https://github.com/torvalds/linux/commit/250c6c49e3b68756b14983c076183568636e2bd (Patch, Third Party Advisory)
- https://marc.info/?l=linux-fbdev&m=151734425901499&w=2 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2018-6412?
CVE-2018-6412 is a vulnerability with a CVSS score of 7.5 (HIGH). In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and ...
How severe is CVE-2018-6412?
CVE-2018-6412 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-6412?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.