CVE-2018-6559
low-risk
Published 2018-10-26
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
Do I need to act?
-
0.08% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10
Low
LOCAL
/ LOW complexity
Affected Products (4)
References (18)
Third Party Advisory
http://www.securityfocus.com/bid/105752
Third Party Advisory
https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html
Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html
Third Party Advisory
https://usn.ubuntu.com/3832-1/
Third Party Advisory
https://usn.ubuntu.com/3833-1/
Third Party Advisory
https://usn.ubuntu.com/3835-1/
Third Party Advisory
https://usn.ubuntu.com/3836-1/
Third Party Advisory
https://usn.ubuntu.com/3836-2/
Third Party Advisory
http://www.securityfocus.com/bid/105752
Third Party Advisory
https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html
Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html
Third Party Advisory
https://usn.ubuntu.com/3832-1/
Third Party Advisory
https://usn.ubuntu.com/3833-1/
Third Party Advisory
https://usn.ubuntu.com/3835-1/
Third Party Advisory
https://usn.ubuntu.com/3836-1/
Third Party Advisory
https://usn.ubuntu.com/3836-2/
23
/ 100
low-risk
Severity
13/34 · Low
Exploitability
0/34 · Minimal
Exposure
10/34 · Low