CVE-2018-11508

Updated: 2023-12-06

CWE: Information Leak / Disclosure

Description:

The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.

CVSS3: 5.5


Vendor State

OS Vendor version Errata
Ubuntu 18.04 4.15.0-24.26 USN-3695-1
Ubuntu 18.04 GCP 4.15.0-1010.10 USN-3695-1
Ubuntu 18.04 Azure 4.15.0-1014.14 USN-3695-1
Ubuntu 16.04 Azure 4.15.0-1014.14~16.04.1 USN-3695-2

KernelCare State

OS Original kernel version State
Ubuntu 18.04
4.15.0-20.21 show all hide all
4.15.0-23.25 4.15.0-22.24
Released
Proxmox VE 5
4.15.17-3-pve_4.15.17-12 show all hide all
4.15.10-1-pve_4.15.10-4 4.15.15-1-pve_4.15.15-6 4.15.17-1-pve_4.15.17-9 4.15.17-2-pve_4.15.17-10 4.15.3-1-pve_4.15.3-1
Released
Ubuntu 18.04 GCP
4.15.0-1009.9 show all hide all
4.15.0-1008.8 4.15.0-1006.6
Released
Endurance 7 eig 4.14
Ready For Release
Proofpoint
Ready For Release
Ubuntu 18.04 Azure
4.15.0-1012.12 show all hide all
4.15.0-1009.9 4.15.0-1013.13
Released
Ubuntu 16.04 Azure
4.15.0-1013.13~16.04.2
Released
Debian 10 cloud
Will Not Fix
Debian 9 backports
Will Not Fix