CVE-2018-11508

MEDIUM

Linux Kernel < 4.16.9 - Unauthorized Memory Read via adjtimex

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-11508. PoCs published by wally0813.

AI-analyzed exploit summary This exploit leverages a kernel information leak vulnerability (CVE-2018-11508) in the `adjtimex` syscall to disclose kernel stack addresses. It calculates the kernel base address by subtracting a fixed offset from the leaked value.

Description

The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.

Exploits (1)

exploitdb WORKING POC

by wally0813 · cdoslinux

https://www.exploit-db.com/exploits/46208

View Code ZIP pw:eip

This exploit leverages a kernel information leak vulnerability (CVE-2018-11508) in the `adjtimex` syscall to disclose kernel stack addresses. It calculates the kernel base address by subtracting a fixed offset from the leaked value.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel 4.13.0-16-generic (Ubuntu)

No auth needed

Prerequisites: Linux kernel 4.13.0-16-generic · 32-bit environment

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10

Core References

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3695-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3695-2/

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://bugs.chromium.org/p/project-zero/issues/detail?id=1574

Release Notes, Vendor Advisory x_refsource_misc

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104292

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3697-1/

Patch, Third Party Advisory x_refsource_misc

https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95

View Patch ZIP pw:eip

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3697-2/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46208/

Patch, Vendor Advisory x_refsource_misc

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95

Scores

CVSS v3 5.5

EPSS 0.0154

EPSS Percentile 81.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (4)

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

linux/linux_kernel < 4.16.9

Published May 28, 2018

Tracked Since Feb 18, 2026